Skip to content

Commit 6f5537b

Browse files
svghadisvghadi
authored
Merge commit from fork
Signed-off-by: Siddhesh Ghadi <[email protected]>
1 parent e4311d8 commit 6f5537b

File tree

3 files changed

+56
-3
lines changed

3 files changed

+56
-3
lines changed

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ require (
1313
github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d
1414
github.com/alicebob/miniredis/v2 v2.34.0
1515
github.com/antonmedv/expr v1.15.1
16-
github.com/argoproj/gitops-engine v0.7.1-0.20241216155226-54992bf42431
16+
github.com/argoproj/gitops-engine v0.7.1-0.20250129155113-7e21b91e9d0f
1717
github.com/argoproj/notifications-engine v0.4.1-0.20241007194503-2fef5c9049fd
1818
github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1
1919
github.com/aws/aws-sdk-go v1.55.6

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -90,8 +90,8 @@ github.com/antonmedv/expr v1.15.1/go.mod h1:0E/6TxnOlRNp81GMzX9QfDPAmHo2Phg00y4J
9090
github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
9191
github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
9292
github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE=
93-
github.com/argoproj/gitops-engine v0.7.1-0.20241216155226-54992bf42431 h1:ku0Gzp1dHr7yn83B/xmMrmbB5sJbe32LXaYSDSBd6/c=
94-
github.com/argoproj/gitops-engine v0.7.1-0.20241216155226-54992bf42431/go.mod h1:WsnykM8idYRUnneeT31cM/Fq/ZsjkefCbjiD8ioCJkU=
93+
github.com/argoproj/gitops-engine v0.7.1-0.20250129155113-7e21b91e9d0f h1:6amQW2gmWyBr/3xz/YzpgrQ+91xKxtpaWiLBkgjjV8o=
94+
github.com/argoproj/gitops-engine v0.7.1-0.20250129155113-7e21b91e9d0f/go.mod h1:WsnykM8idYRUnneeT31cM/Fq/ZsjkefCbjiD8ioCJkU=
9595
github.com/argoproj/notifications-engine v0.4.1-0.20241007194503-2fef5c9049fd h1:lOVVoK89j9Nd4+JYJiKAaMNYC1402C0jICROOfUPWn0=
9696
github.com/argoproj/notifications-engine v0.4.1-0.20241007194503-2fef5c9049fd/go.mod h1:N0A4sEws2soZjEpY4hgZpQS8mRIEw6otzwfkgc3g9uQ=
9797
github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 h1:qsHwwOJ21K2Ao0xPju1sNuqphyMnMYkyB3ZLoLtxWpo=

test/e2e/mask_secret_values_test.go

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ import (
77
"github.com/stretchr/testify/assert"
88

99
"github.com/argoproj/gitops-engine/pkg/health"
10+
"github.com/argoproj/gitops-engine/pkg/sync/common"
1011

1112
. "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
1213
. "github.com/argoproj/argo-cd/v3/test/e2e/fixture"
@@ -56,3 +57,55 @@ data:
5657
assert.False(t, sensitiveData.MatchString(diff))
5758
})
5859
}
60+
61+
// Secret values shouldn't be exposed in error messages and the diff view
62+
// when invalid secret is synced.
63+
func TestMaskValuesInInvalidSecret(t *testing.T) {
64+
sensitiveData := regexp.MustCompile(`SECRETVAL|U0VDUkVUVkFM|12345`)
65+
66+
Given(t).
67+
Path("empty-dir").
68+
When().
69+
// valid secret
70+
AddFile("secrets.yaml", `apiVersion: v1
71+
kind: Secret
72+
metadata:
73+
name: secret
74+
annotations:
75+
app: test
76+
stringData:
77+
username: SECRETVAL
78+
data:
79+
password: U0VDUkVUVkFM
80+
`).
81+
CreateApp().
82+
Sync().
83+
Then().
84+
Expect(SyncStatusIs(SyncStatusCodeSynced)).
85+
Expect(HealthIs(health.HealthStatusHealthy)).
86+
// secret data shouldn't be exposed in manifests output
87+
And(func(app *Application) {
88+
mnfs, _ := RunCli("app", "manifests", app.Name)
89+
assert.False(t, sensitiveData.MatchString(mnfs))
90+
}).
91+
When().
92+
// invalidate secret
93+
PatchFile("secrets.yaml", `[{"op": "replace", "path": "/data/password", "value": 12345}]`).
94+
Refresh(RefreshTypeHard).
95+
IgnoreErrors().
96+
Sync().
97+
Then().
98+
Expect(SyncStatusIs(SyncStatusCodeOutOfSync)).
99+
Expect(OperationPhaseIs(common.OperationFailed)).
100+
// secret data shouldn't be exposed in manifests, diff & error output for invalid secret
101+
And(func(app *Application) {
102+
mnfs, _ := RunCli("app", "manifests", app.Name)
103+
assert.False(t, sensitiveData.MatchString(mnfs))
104+
105+
diff, _ := RunCli("app", "diff", app.Name)
106+
assert.False(t, sensitiveData.MatchString(diff))
107+
108+
msg := app.Status.OperationState.Message
109+
assert.False(t, sensitiveData.MatchString(msg))
110+
})
111+
}

0 commit comments

Comments
 (0)