Allow airshipctl phase render to display encrypted secrets

Relates-to: #453 Change-Id: I150a48cbec5c87943ed6c07a8ef8d562437fda46
2021-02-16 05:03:56 +00:00 · 2021-02-16 05:03:56 +00:00 · f2dc2ca3f6
commit f2dc2ca3f6
parent f50998935e
4 changed files with 19 additions and 2 deletions
--- a/cmd/phase/render.go
+++ b/cmd/phase/render.go
@ -97,6 +97,12 @@ func addRenderFlags(filterOptions *phase.RenderCommand, cmd *cobra.Command) {
 			"error will be returned\n"+
 			"executor: rendering will be performed by executor if the phase\n"+
 			"config: this will render bundle containing phase and executor documents")
+	flags.BoolVarP(
+		&filterOptions.FailOnDecryptionError,
+		"decrypt",
+		"d",
+		false,
+		"ensure that decryption of encrypted documents has finished successfully")
 }

 // RenderArgs returns an error if there are not exactly n args.
--- a/cmd/phase/testdata/TestRenderGoldenOutput/render-with-help.golden
+++ b/cmd/phase/testdata/TestRenderGoldenOutput/render-with-help.golden
@ -23,6 +23,7 @@ airshipctl phase render initinfra --source executor
 Flags:
  -a, --annotation string   filter documents by Annotations
  -g, --apiversion string   filter documents by API version
+  -d, --decrypt             ensure that decryption of encrypted documents has finished successfully
  -h, --help                help for render
  -k, --kind string         filter documents by Kinds
  -l, --label string        filter documents by Labels
--- a/docs/source/cli/airshipctl_phase_render.md
+++ b/docs/source/cli/airshipctl_phase_render.md
@ -35,6 +35,7 @@ airshipctl phase render initinfra --source executor
 ```
  -a, --annotation string   filter documents by Annotations
  -g, --apiversion string   filter documents by API version
+  -d, --decrypt             ensure that decryption of encrypted documents has finished successfully
  -h, --help                help for render
  -k, --kind string         filter documents by Kinds
  -l, --label string        filter documents by Labels
--- a/pkg/phase/render.go
+++ b/pkg/phase/render.go
@ -16,6 +16,7 @@ package phase

 import (
 	"io"
+	"os"
 	"strings"

 	"opendev.org/airship/airshipctl/pkg/config"
@ -49,8 +50,11 @@ type RenderCommand struct {
 	// phase the source will use kustomize root at phase entry point
 	// config will render a bundle that comes from site metadata file, and contains phase and executor docs
 	// executor means that rendering will be delegated to phase executor
-	Source  string
-	PhaseID ifc.ID
+	Source string
+	// FailOnDecryptionError makes sure that encrypted documents are getting decrypted by avoiding setting
+	// env variable TOLERATE_DECRYPTION_FAILURES=true
+	FailOnDecryptionError bool
+	PhaseID               ifc.ID
 }

 // RunE prints out filtered documents
@ -58,6 +62,11 @@ func (fo *RenderCommand) RunE(cfgFactory config.Factory, out io.Writer) error {
 	if err := fo.Validate(); err != nil {
 		return err
 	}
+
+	if !fo.FailOnDecryptionError {
+		os.Setenv("TOLERATE_DECRYPTION_FAILURES", "true")
+	}
+
 	cfg, err := cfgFactory()
 	if err != nil {
 		return err