Allow airshipctl phase render to display encrypted secrets
Relates-to: #453 Change-Id: I150a48cbec5c87943ed6c07a8ef8d562437fda46
This commit is contained in:
parent
f50998935e
commit
f2dc2ca3f6
@ -97,6 +97,12 @@ func addRenderFlags(filterOptions *phase.RenderCommand, cmd *cobra.Command) {
|
||||
"error will be returned\n"+
|
||||
"executor: rendering will be performed by executor if the phase\n"+
|
||||
"config: this will render bundle containing phase and executor documents")
|
||||
flags.BoolVarP(
|
||||
&filterOptions.FailOnDecryptionError,
|
||||
"decrypt",
|
||||
"d",
|
||||
false,
|
||||
"ensure that decryption of encrypted documents has finished successfully")
|
||||
}
|
||||
|
||||
// RenderArgs returns an error if there are not exactly n args.
|
||||
|
@ -23,6 +23,7 @@ airshipctl phase render initinfra --source executor
|
||||
Flags:
|
||||
-a, --annotation string filter documents by Annotations
|
||||
-g, --apiversion string filter documents by API version
|
||||
-d, --decrypt ensure that decryption of encrypted documents has finished successfully
|
||||
-h, --help help for render
|
||||
-k, --kind string filter documents by Kinds
|
||||
-l, --label string filter documents by Labels
|
||||
|
@ -35,6 +35,7 @@ airshipctl phase render initinfra --source executor
|
||||
```
|
||||
-a, --annotation string filter documents by Annotations
|
||||
-g, --apiversion string filter documents by API version
|
||||
-d, --decrypt ensure that decryption of encrypted documents has finished successfully
|
||||
-h, --help help for render
|
||||
-k, --kind string filter documents by Kinds
|
||||
-l, --label string filter documents by Labels
|
||||
|
@ -16,6 +16,7 @@ package phase
|
||||
|
||||
import (
|
||||
"io"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"opendev.org/airship/airshipctl/pkg/config"
|
||||
@ -49,8 +50,11 @@ type RenderCommand struct {
|
||||
// phase the source will use kustomize root at phase entry point
|
||||
// config will render a bundle that comes from site metadata file, and contains phase and executor docs
|
||||
// executor means that rendering will be delegated to phase executor
|
||||
Source string
|
||||
PhaseID ifc.ID
|
||||
Source string
|
||||
// FailOnDecryptionError makes sure that encrypted documents are getting decrypted by avoiding setting
|
||||
// env variable TOLERATE_DECRYPTION_FAILURES=true
|
||||
FailOnDecryptionError bool
|
||||
PhaseID ifc.ID
|
||||
}
|
||||
|
||||
// RunE prints out filtered documents
|
||||
@ -58,6 +62,11 @@ func (fo *RenderCommand) RunE(cfgFactory config.Factory, out io.Writer) error {
|
||||
if err := fo.Validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if !fo.FailOnDecryptionError {
|
||||
os.Setenv("TOLERATE_DECRYPTION_FAILURES", "true")
|
||||
}
|
||||
|
||||
cfg, err := cfgFactory()
|
||||
if err != nil {
|
||||
return err
|
||||
|
Loading…
Reference in New Issue
Block a user