Merge pull request #44 from Aishwarya-Lad/CI-14277-revert

raghavharness · web-flow · commit 8b1e82bb8afc · 2024-11-05T12:14:40.000-08:00
fix:[CI-14277]:revert base64 support added to handle secrets with spe…
diff --git a/app.go b/app.go
@@ -275,16 +275,6 @@ func Run() {
 			Usage:  "secret key value pair eg id=MYSECRET",
 			EnvVar: "PLUGIN_SECRET",
 		},
-		cli.StringSliceFlag{
-			Name:   "encoded-secrets-from-env",
-			Usage:  "list of secret env that are base64 encoded",
-			EnvVar: "PLUGIN_ENCODED_ENV_SECRET",
-		},
-		cli.BoolFlag{
-			Name:   "decode-env-secret",
-			Usage:  "decode env values default-false",
-			EnvVar: "PLUGIN_DECODE_ENV_SECRET",
-		},
 		cli.StringSliceFlag{
 			Name:   "secrets-from-env",
 			Usage:  "secret key value pair eg secret_name=secret",
@@ -419,8 +409,6 @@ func run(c *cli.Context) error {
 			Platform:          c.String("platform"),
 			SSHAgentKey:       c.String("ssh-agent-key"),
 			BuildxLoad:        c.Bool("buildx-load"),
-			DecodeEnvSecret:   c.Bool("decode-env-secret"),
-			EncodedSecretEnvs: c.StringSlice("encoded-secrets-from-env"),
 		},
 		Daemon: Daemon{
 			Registry:         c.String("docker.registry"),
diff --git a/docker.go b/docker.go
@@ -1,10 +1,8 @@
 package docker
 
 import (
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"log"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -83,8 +81,6 @@ type (
 		SSHAgentKey       string   // Docker build ssh agent key
 		SSHKeyPath        string   // Docker build ssh key path
 		BuildxLoad        bool     // Docker buildx --load
-		DecodeEnvSecret   bool     // Decode the secret value in env
-		EncodedSecretEnvs []string // Docker build env secrets that are encoded using base64
 	}
 
 	// Plugin defines the Docker plugin parameters.
@@ -469,30 +465,6 @@ func commandInfo() *exec.Cmd {
 	return exec.Command(dockerExe, "info")
 }
 
-// helper function to update env var value from base64 encoded to decoded
-func updateEnvWithDecodedValue(encodedEnvList []string) error {
-	for _, envName := range encodedEnvList {
-		// Get the current base64 encoded value
-		encodedValue := os.Getenv(envName)
-		if encodedValue == "" {
-			return fmt.Errorf("environment variable %s not found", envName)
-		}
-
-		// Decode the base64 value
-		decodedBytes, err := base64.StdEncoding.DecodeString(encodedValue)
-		if err != nil {
-			return fmt.Errorf("failed to decode value for %s: %v", envName, err)
-		}
-
-		// Update the environment variable with the decoded value
-		err = os.Setenv(envName, string(decodedBytes))
-		if err != nil {
-			return fmt.Errorf("failed to set environment variable %s: %v", envName, err)
-		}
-	}
-	return nil
-}
-
 // helper function to create the docker buildx command.
 func commandBuildx(build Build, builder Builder, dryrun bool, metadataFile string) *exec.Cmd {
 	args := []string{
@@ -549,13 +521,6 @@ func commandBuildx(build Build, builder Builder, dryrun bool, metadataFile strin
 	if build.Secret != "" {
 		args = append(args, "--secret", build.Secret)
 	}
-	// update the list of env variables that have been encoded with base64
-	if build.DecodeEnvSecret {
-		err := updateEnvWithDecodedValue(build.EncodedSecretEnvs)
-		if err != nil {
-			log.Printf("failed to decode harness secrets used as docker secrets in the build command: %v", err)
-		}
-	}
 	for _, secret := range build.SecretEnvs {
 		if arg, err := getSecretStringCmdArg(secret); err == nil {
 			args = append(args, "--secret", arg)
diff --git a/docker_test.go b/docker_test.go
@@ -207,89 +207,11 @@ func TestCommandBuildx(t *testing.T) {
 				"--metadata-file /tmp/metadata.json",
 			),
 		},
-		{
-			name: "encoded secrets from env",
-			build: Build{
-				Name:       "plugins/drone-docker:latest",
-				Dockerfile: "Dockerfile",
-				Context:    ".",
-				SecretEnvs: []string{
-					"foo_secret=FOO_SECRET_ENV_VAR",
-				},
-				EncodedSecretEnvs: []string{
-					"ENCODED_SECRET",
-				},
-				DecodeEnvSecret: true,
-				Repo:            "plugins/drone-docker",
-				Tags:            []string{"latest"},
-			},
-			want: exec.Command(
-				dockerExe,
-				"buildx",
-				"build",
-				"--rm=true",
-				"-f",
-				"Dockerfile",
-				"-t",
-				"plugins/drone-docker:latest",
-				"--push",
-				".",
-				"--secret", "id=foo_secret,env=FOO_SECRET_ENV_VAR",
-			),
-		},
-		{
-			name: "multiple secrets with encoding",
-			build: Build{
-				Name:       "plugins/drone-docker:latest",
-				Dockerfile: "Dockerfile",
-				Context:    ".",
-				SecretEnvs: []string{
-					"foo_secret=FOO_SECRET_ENV_VAR",
-					"bar_secret=BAR_SECRET_ENV_VAR",
-				},
-				EncodedSecretEnvs: []string{
-					"ENCODED_SECRET1",
-					"ENCODED_SECRET2",
-				},
-				DecodeEnvSecret: true,
-				Repo:            "plugins/drone-docker",
-				Tags:            []string{"latest"},
-			},
-			want: exec.Command(
-				dockerExe,
-				"buildx",
-				"build",
-				"--rm=true",
-				"-f",
-				"Dockerfile",
-				"-t",
-				"plugins/drone-docker:latest",
-				"--push",
-				".",
-				"--secret", "id=foo_secret,env=FOO_SECRET_ENV_VAR",
-				"--secret", "id=bar_secret,env=BAR_SECRET_ENV_VAR",
-			),
-		},
 	}
 
 	for _, tc := range tcs {
 		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
-			// Set up test environment variables if needed
-			if tc.build.DecodeEnvSecret && len(tc.build.EncodedSecretEnvs) > 0 {
-				// Set sample encoded values
-				os.Setenv("ENCODED_SECRET", "SGVsbG8gV29ybGQ=")  // "Hello World" in base64
-				os.Setenv("ENCODED_SECRET1", "VGVzdFZhbHVlMQ==") // "TestValue1" in base64
-				os.Setenv("ENCODED_SECRET2", "VGVzdFZhbHVlMg==") // "TestValue2" in base64
-
-				// Clean up after test
-				defer func() {
-					os.Unsetenv("ENCODED_SECRET")
-					os.Unsetenv("ENCODED_SECRET1")
-					os.Unsetenv("ENCODED_SECRET2")
-				}()
-			}
-
 			cmd := commandBuildx(tc.build, tc.builder, tc.dryrun, tc.metadata)
 			if !reflect.DeepEqual(cmd.String(), tc.want.String()) {
 				t.Errorf("Got cmd %v, want %v", cmd, tc.want)
