From f32efceffd773a77c23ff5e7694632884d582fe3 Mon Sep 17 00:00:00 2001 From: Nick Tenczar Date: Thu, 9 Feb 2023 13:40:12 -0800 Subject: [PATCH] Fix YTT processing to avoid errors parsing passwords Fixes our ytt processor so that password values are not passed to the yaml parser as yaml. This prevents the password from being interpreted as yaml, which could lead to template errors and other failures. --- tkg/yamlprocessor/ytt.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tkg/yamlprocessor/ytt.go b/tkg/yamlprocessor/ytt.go index e1cc049907..102194bb21 100644 --- a/tkg/yamlprocessor/ytt.go +++ b/tkg/yamlprocessor/ytt.go @@ -9,6 +9,7 @@ import ( "regexp" "sort" "strconv" + "strings" "github.com/pkg/errors" "gopkg.in/yaml.v3" @@ -166,6 +167,7 @@ func (p *YTTProcessor) Process(rawArtifact []byte, variablesClient func(string) // build out the data values for ytt dataValues := make([]string, 0, len(variables)) + stringValues := make([]string, 0, len(variables)) for _, vName := range variables { vValue, err := variablesClient(vName) if err != nil { @@ -189,14 +191,17 @@ func (p *YTTProcessor) Process(rawArtifact []byte, variablesClient func(string) } } - if convertable { + if strings.Contains(strings.ToUpper(vName), "PASSWORD") { + stringValues = append(stringValues, fmt.Sprintf("%s=%s", vName, vValue)) + } else if convertable { dataValues = append(dataValues, fmt.Sprintf("%s=%s", vName, vValue)) } else { dataValues = append(dataValues, fmt.Sprintf("%s=%q", vName, vValue)) } } dvf := template.DataValuesFlags{ - KVsFromYAML: dataValues, + KVsFromStrings: stringValues, + KVsFromYAML: dataValues, } // add the data values as overlays to the ytt templates