Commit dddbc353 authored by Thong Kuah's avatar Thong Kuah

Solve multi word CI variables not quoted properly

ie. fix below quoting issue:

```
kubectl create secret -n project-with-autodevops-900057eb1ce34399-77 \
  generic production-secret \
  '--from-literal=OPTIONAL_MESSAGE=You' can see this secret \
  -o yaml --dry-run
```

With fix, it should be generating:

```
kubectl create secret -n project-with-autodevops-900057eb1ce34399-77 \
  generic production-secret \
  --from-literal 'OPTIONAL_MESSAGE=You can see this secret' \
  -o yaml --dry-run
```

Call via bash -c, instead of assuming bash

The shell is /bin/sh, so we cannot asssume bash. Hence we use `bash -c`

bash is installed for deploy jobs in a prior step
parent 4b92b550
...@@ -595,15 +595,46 @@ rollout 100%: ...@@ -595,15 +595,46 @@ rollout 100%:
fi fi
} }
# Finds any variables prefixed with `K8S_SECRET_`, and exports them as the # Extracts variables prefixed with K8S_SECRET_
# global $K8S_VARIABLES with prefix removed. # and creates a Kubernetes secret.
#
# e.g. if we have the following vars
# K8S_SECRET_A=value1
# K8S_SECRET_B=multi\ word\ value
#
# Then we get:
# --from-literal K8S_SECRET_A=value1 --from-literal 'K8S_SECRET_B=multi word value'
#
# NOTE: We set IFS as we need to split by newline so that we can loop through
# multi word variables correctly.
function create_application_secret() {
bash -c '
function extract_prefixed_variables() { function extract_prefixed_variables() {
prefix="K8S_SECRET_" prefix="K8S_SECRET_"
k8s_variables=$(env | (grep "^${prefix}" || [[ $? == 1 ]]) | sed "s/^${prefix}//") k8s_variables=$(env | (grep "^${prefix}" || [[ $? == 1 ]]))
export K8S_VARIABLES=$k8s_variables export K8S_VARIABLES=$k8s_variables
} }
function create_secret() {
local IFS=$(echo -en "\n\b")
for k8s_variable in $K8S_VARIABLES; do
param="${k8s_variable#K8S_SECRET_}"
fromLiteralArgs+=("--from-literal")
fromLiteralArgs+=("${param}")
done
kubectl create secret \
-n "$KUBE_NAMESPACE" generic "$APPLICATION_SECRET_NAME" ${fromLiteralArgs[@]} -o yaml \
--dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
}
extract_prefixed_variables
create_secret
'
}
function deploy() { function deploy() {
track="${1-stable}" track="${1-stable}"
percentage="${2:-100}" percentage="${2:-100}"
...@@ -629,22 +660,8 @@ rollout 100%: ...@@ -629,22 +660,8 @@ rollout 100%:
secret_name='' secret_name=''
fi fi
extract_prefixed_variables export APPLICATION_SECRET_NAME="${name}-secret"
if [[ -n "$K8S_VARIABLES" ]]; then create_application_secret
echo "Prefixed CI variables found, creating secret..."
application_secret_name="${name}-secret"
fromLiteralArgs=""
for k8s_variable in ${K8S_VARIABLES}; do
fromLiteralArgs="${fromLiteralArgs:+${fromLiteralArgs} }--from-literal=${k8s_variable}"
done
# We want fromLiteralArgs to be interpreted as args, so don't quote it!
kubectl create secret -n "$KUBE_NAMESPACE" \
generic "$application_secret_name" \
${fromLiteralArgs} \
-o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
fi
if [[ -n "$DB_INITIALIZE" && -z "$(helm ls -q "^$name$")" ]]; then if [[ -n "$DB_INITIALIZE" && -z "$(helm ls -q "^$name$")" ]]; then
echo "Deploying first release with database initialization..." echo "Deploying first release with database initialization..."
...@@ -658,7 +675,7 @@ rollout 100%: ...@@ -658,7 +675,7 @@ rollout 100%:
--set image.secrets[0].name="$secret_name" \ --set image.secrets[0].name="$secret_name" \
--set application.track="$track" \ --set application.track="$track" \
--set application.database_url="$DATABASE_URL" \ --set application.database_url="$DATABASE_URL" \
--set application.secretName="$application_secret_name" \ --set application.secretName="$APPLICATION_SECRET_NAME" \
--set service.url="$CI_ENVIRONMENT_URL" \ --set service.url="$CI_ENVIRONMENT_URL" \
--set replicaCount="$replicas" \ --set replicaCount="$replicas" \
--set postgresql.enabled="$postgres_enabled" \ --set postgresql.enabled="$postgres_enabled" \
...@@ -691,7 +708,7 @@ rollout 100%: ...@@ -691,7 +708,7 @@ rollout 100%:
--set image.secrets[0].name="$secret_name" \ --set image.secrets[0].name="$secret_name" \
--set application.track="$track" \ --set application.track="$track" \
--set application.database_url="$DATABASE_URL" \ --set application.database_url="$DATABASE_URL" \
--set application.secretName="$application_secret_name" \ --set application.secretName="$APPLICATION_SECRET_NAME" \
--set service.url="$CI_ENVIRONMENT_URL" \ --set service.url="$CI_ENVIRONMENT_URL" \
--set replicaCount="$replicas" \ --set replicaCount="$replicas" \
--set postgresql.enabled="$postgres_enabled" \ --set postgresql.enabled="$postgres_enabled" \
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment