author | Thong Kuah <tkuah@gitlab.com> | 2018-12-18 12:04:25 +1300 |
---|---|---|
committer | Thong Kuah <tkuah@gitlab.com> | 2019-01-04 10:26:52 +1300 |
commit | dddbc3535b8886294d2c7a40ffdfe6562002f548 (patch) | |
tree | ba7dcdc7299473f100bd07549c2769e5252741f4 | |
parent | 4b92b5500b8d9cdbaa6e612b8f9a061624266cc4 (diff) | |
download | gitlab-ce-dddbc3535b8886294d2c7a40ffdfe6562002f548.tar.gz |
Solve multi word CI variables not quoted properly
ie. fix below quoting issue:
```
kubectl create secret -n project-with-autodevops-900057eb1ce34399-77 \
generic production-secret \
'--from-literal=OPTIONAL_MESSAGE=You' can see this secret \
-o yaml --dry-run
```
With fix, it should be generating:
```
kubectl create secret -n project-with-autodevops-900057eb1ce34399-77 \
generic production-secret \
--from-literal 'OPTIONAL_MESSAGE=You can see this secret' \
-o yaml --dry-run
```
Call via bash -c, instead of assuming bash
The shell is /bin/sh, so we cannot assume bash. Hence we use `bash -c`
bash is installed for deploy jobs in a prior step
-rw-r--r-- | lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml | 67 |
1 files changed, 42 insertions, 25 deletions
diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
index 1b55a6b12cd..4623636144a 100644
--- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
@@ -595,13 +595,44 @@ rollout 100%:
 fi
 }

- # Finds any variables prefixed with `K8S_SECRET_`, and exports them as the
- # global $K8S_VARIABLES with prefix removed.
- function extract_prefixed_variables() {
- prefix="K8S_SECRET_"
- k8s_variables=$(env | (grep "^${prefix}" || [[ $? == 1 ]]) | sed "s/^${prefix}//")
-
- export K8S_VARIABLES=$k8s_variables
+ # Extracts variables prefixed with K8S_SECRET_
+ # and creates a Kubernetes secret.
+ #
+ # e.g. if we have the following vars
+ # K8S_SECRET_A=value1
+ # K8S_SECRET_B=multi\ word\ value
+ #
+ # Then we get:
+ # --from-literal K8S_SECRET_A=value1 --from-literal 'K8S_SECRET_B=multi word value'
+ #
+ # NOTE: We set IFS as we need to split by newline so that we can loop through
+ # multi word variables correctly.
+ function create_application_secret() {
+ bash -c '
+ function extract_prefixed_variables() {
+ prefix="K8S_SECRET_"
+ k8s_variables=$(env | (grep "^${prefix}" || [[ $? == 1 ]]))
+
+ export K8S_VARIABLES=$k8s_variables
+ }
+
+ function create_secret() {
+ local IFS=$(echo -en "\n\b")
+ for k8s_variable in $K8S_VARIABLES; do
+ param="${k8s_variable#K8S_SECRET_}"
+
+ fromLiteralArgs+=("--from-literal")
+ fromLiteralArgs+=("${param}")
+ done
+
+ kubectl create secret \
+ -n "$KUBE_NAMESPACE" generic "$APPLICATION_SECRET_NAME" ${fromLiteralArgs[@]} -o yaml \
+ --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
+ }
+
+ extract_prefixed_variables
+ create_secret
+ '
 }

 function deploy() {
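Review bot: In create_secret both `for k8s_variable in $K8S_VARIABLES` and `${fromLiteralArgs[@]}` are expanded unquoted, so the newline IFS stops splitting on spaces but pathname expansion still applies: a secret value containing `*`, `?` or `[` can be swapped for matching file names from the job's working directory before kubectl sees it. Adding `set -f` as the first line of create_secret and passing the array as `"${fromLiteralArgs[@]}"` closes both cases without changing the loop. Because the `env` output is split per line, a value that contains a newline is silently truncated to its first line (the `grep "^${prefix}"` filter drops the rest), and a continuation line that itself starts with `K8S_SECRET_` would be taken as a separate key; the comment block above create_application_secret should state that multi-line values are unsupported. `--from-literal` also places every secret value on the kubectl command line, where it is readable from the process list and would appear in any `set -x` trace in the job log.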
@@ -629,22 +660,8 @@ rollout 100%:
 secret_name=''
 fi

- extract_prefixed_variables
- if [[ -n "$K8S_VARIABLES" ]]; then
- echo "Prefixed CI variables found, creating secret..."
- application_secret_name="${name}-secret"
- fromLiteralArgs=""
-
- for k8s_variable in ${K8S_VARIABLES}; do
- fromLiteralArgs="${fromLiteralArgs:+${fromLiteralArgs} }--from-literal=${k8s_variable}"
- done
-
- # We want fromLiteralArgs to be interpreted as args, so don't quote it!
- kubectl create secret -n "$KUBE_NAMESPACE" \
- generic "$application_secret_name" \
- ${fromLiteralArgs} \
- -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
- fi
+ export APPLICATION_SECRET_NAME="${name}-secret"
+ create_application_secret

 if [[ -n "$DB_INITIALIZE" && -z "$(helm ls -q "^$name$")" ]]; then
 echo "Deploying first release with database initialization..."
@@ -658,7 +675,7 @@ rollout 100%:
 --set image.secrets[0].name="$secret_name" \
 --set application.track="$track" \
 --set application.database_url="$DATABASE_URL" \
- --set application.secretName="$application_secret_name" \
+ --set application.secretName="$APPLICATION_SECRET_NAME" \
 --set service.url="$CI_ENVIRONMENT_URL" \
 --set replicaCount="$replicas" \
 --set postgresql.enabled="$postgres_enabled" \
@@ -691,7 +708,7 @@ rollout 100%:
 --set image.secrets[0].name="$secret_name" \
 --set application.track="$track" \
 --set application.database_url="$DATABASE_URL" \
- --set application.secretName="$application_secret_name" \
+ --set application.secretName="$APPLICATION_SECRET_NAME" \
 --set service.url="$CI_ENVIRONMENT_URL" \
 --set replicaCount="$replicas" \
 --set postgresql.enabled="$postgres_enabled" \ |