Skip to content

Commit 7cb0233

Browse files
howardjohnhowardjohn
committed
Add -d to decode secrets
1 parent 50d310c commit 7cb0233

File tree

2 files changed

+41
-6
lines changed

2 files changed

+41
-6
lines changed

cmd/cmd.go

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ var (
1313
unlist = false
1414
summary = false
1515
clean = false
16+
decode = false
1617
regex = ""
1718
invertRegex = false
1819
insensitiveRegex = false
@@ -44,7 +45,7 @@ var rootCmd = &cobra.Command{
4445
selector.Regex = rx
4546
selector.InvertRegex = invertRegex
4647
}
47-
if err := pkg.GrepResources(selector, cmd.InOrStdin(), cmd.OutOrStdout(), dm); err != nil {
48+
if err := pkg.GrepResources(selector, cmd.InOrStdin(), cmd.OutOrStdout(), dm, decode); err != nil {
4849
return err
4950
}
5051
return nil
@@ -58,6 +59,8 @@ func init() {
5859
"Summarize output")
5960
rootCmd.PersistentFlags().BoolVarP(&clean, "clean", "n", clean,
6061
"Cleanup generate fields")
62+
rootCmd.PersistentFlags().BoolVarP(&decode, "decode", "d", decode,
63+
"Decode base64 fields in Secrets")
6164

6265
rootCmd.PersistentFlags().StringVarP(&regex, "regex", "r", regex,
6366
"Raw regex to match against")

pkg/grep.go

Lines changed: 37 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ package pkg
22

33
import (
44
"bufio"
5+
"encoding/base64"
56
"fmt"
67
"io"
78
"regexp"
@@ -113,7 +114,7 @@ const (
113114
CleanStatus
114115
)
115116

116-
func GrepResources(sel Selector, in io.Reader, out io.Writer, mode DisplayMode) error {
117+
func GrepResources(sel Selector, in io.Reader, out io.Writer, mode DisplayMode, decode bool) error {
117118
output := func(d string) {
118119
_, _ = fmt.Fprint(out, d)
119120
}
@@ -129,7 +130,7 @@ func GrepResources(sel Selector, in io.Reader, out io.Writer, mode DisplayMode)
129130
return fmt.Errorf("failed to read document: %v", err)
130131
}
131132
// Optimization: Do not do YAML marshal if not needed
132-
if sel.MatchesAll() && mode == Full {
133+
if sel.MatchesAll() && mode == Full && !decode {
133134
if !first {
134135
fmt.Fprint(out, "---\n")
135136
}
@@ -146,12 +147,16 @@ func GrepResources(sel Selector, in io.Reader, out io.Writer, mode DisplayMode)
146147
if !obj.Empty() {
147148
output(obj.String() + "\n")
148149
}
149-
} else if mode == Clean || mode == CleanStatus {
150+
} else if mode == Clean || mode == CleanStatus || decode {
150151
raw := genericMap{}
151152
if err := yaml.Unmarshal(text, &raw); err != nil {
152153
return err
153154
}
154-
o, err := yaml.Marshal(strip(raw, mode))
155+
raw = strip(raw, mode)
156+
if decode && obj.Kind == "Secret" {
157+
raw = decodeSecret(raw)
158+
}
159+
o, err := yaml.Marshal(raw)
155160
if err != nil {
156161
return err
157162
}
@@ -174,7 +179,34 @@ func GrepResources(sel Selector, in io.Reader, out io.Writer, mode DisplayMode)
174179
return nil
175180
}
176181

177-
func strip(raw genericMap, mode DisplayMode) interface{} {
182+
func decodeSecret(raw genericMap) genericMap {
183+
data, ok := raw["data"]
184+
if !ok {
185+
return raw
186+
}
187+
gm, ok := data.(genericMap)
188+
if !ok {
189+
return raw
190+
}
191+
for k, v := range gm {
192+
gm[k] = base64Decode(v)
193+
}
194+
return raw
195+
}
196+
197+
func base64Decode(d interface{}) interface{} {
198+
t, ok := d.(string)
199+
if !ok {
200+
return d
201+
}
202+
b, err := base64.StdEncoding.DecodeString(t)
203+
if err != nil {
204+
return d
205+
}
206+
return string(b)
207+
}
208+
209+
func strip(raw genericMap, mode DisplayMode) genericMap {
178210
if mode == Clean || mode == CleanStatus {
179211
deleteNested(raw, "metadata", "annotations", "kubectl.kubernetes.io/last-applied-configuration")
180212
deleteNested(raw, "metadata", "generation")

0 commit comments

Comments
 (0)