
Bug/escape special characters vault (#2537)

* Change json.Marshal to Encoder to support special characters

Signed-off-by: Arnout Hoebreckx <arnouthoebreckx@gmail.com>

* Add test for special characters

Signed-off-by: Arnout Hoebreckx <arnouthoebreckx@gmail.com>

* Handle error of encoder

Signed-off-by: Arnout Hoebreckx <arnouthoebreckx@gmail.com>

---------

Signed-off-by: Arnout Hoebreckx <arnouthoebreckx@gmail.com>
arnouthoebreckx 2 years ago
parent
commit
1e281b92ca
2 changed files with 46 additions and 1 deletions
  1. 8 1
      pkg/provider/vault/vault.go
  2. 38 0
      pkg/provider/vault/vault_test.go

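--- a/pkg/provider/vault/vault.go
+++ b/pkg/provider/vault/vault.go
@@ -484,7 +484,14 @@ func (v *client) PushSecret(ctx context.Context, value []byte, remoteRef esv1bet
 			return fmt.Errorf("secret not managed by external-secrets")
 		}
 	}
-	vaultSecretValue, err := json.Marshal(vaultSecret)
+	buf := &bytes.Buffer{}
+	enc := json.NewEncoder(buf)
+	enc.SetEscapeHTML(false)
+	err = enc.Encode(vaultSecret)
+	if err != nil {
+		return fmt.Errorf("error encoding vault secret: %w", err)
+	}
+	vaultSecretValue := bytes.TrimSpace(buf.Bytes())
 	if err != nil {
 		return fmt.Errorf("error marshaling vault secret: %w", err)
 	}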
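Review bot: The `if err != nil { return fmt.Errorf("error marshaling vault secret: %w", err) }` block left as context directly after `vaultSecretValue := bytes.TrimSpace(buf.Bytes())` can no longer fire, because the Encode error is already returned a few lines above it; it should be deleted so serialization has a single error path. `err = enc.Encode(vaultSecret)` also relies on an `err` declared earlier in PushSecret, which starts outside this hunk. Since the reason for switching away from `json.Marshal` is not obvious from the code, a comment above `enc.SetEscapeHTML(false)` would help, for example `// Keep <, > and & literal: json.Marshal would rewrite them as \u003c-style escapes and change the stored secret.` The `bytes.TrimSpace` call presumably only drops the newline that `Encode` appends, and a short comment saying so would keep it from being removed as redundant.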

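--- a/pkg/provider/vault/vault_test.go
+++ b/pkg/provider/vault/vault_test.go
@@ -830,6 +830,10 @@ func TestGetSecretMap(t *testing.T) {
 		"access_key":    "access_key",
 		"access_secret": "access_secret",
 	}
+	secretWithSpecialCharacter := map[string]interface{}{
+		"access_key":    "acc<ess_&ke.,y",
+		"access_secret": "acce&?ss_s>ecret",
+	}
 	secretWithNilVal := map[string]interface{}{
 		"access_key":    "access_key",
 		"access_secret": "access_secret",
@@ -906,6 +910,40 @@ func TestGetSecretMap(t *testing.T) {
 				},
 			},
 		},
+		"ReadSecretWithSpecialCharactersKV1": {
+			reason: "Should map the secret even if it has a nil value",
+			args: args{
+				store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV1).Spec.Provider.Vault,
+				vClient: &fake.Logical{
+					ReadWithDataWithContextFn: fake.NewReadWithContextFn(secretWithSpecialCharacter, nil),
+				},
+			},
+			want: want{
+				err: nil,
+				val: map[string][]byte{
+					"access_key":    []byte("acc<ess_&ke.,y"),
+					"access_secret": []byte("acce&?ss_s>ecret"),
+				},
+			},
+		},
+		"ReadSecretWithSpecialCharactersKV2": {
+			reason: "Should map the secret even if it has a nil value",
+			args: args{
+				store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault,
+				vClient: &fake.Logical{
+					ReadWithDataWithContextFn: fake.NewReadWithContextFn(map[string]interface{}{
+						"data": secretWithSpecialCharacter,
+					}, nil),
+				},
+			},
+			want: want{
+				err: nil,
+				val: map[string][]byte{
+					"access_key":    []byte("acc<ess_&ke.,y"),
+					"access_secret": []byte("acce&?ss_s>ecret"),
+				},
+			},
+		},
 		"ReadSecretWithNilValueKV1": {
 			reason: "Should map the secret even if it has a nil value",
 			args: args{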
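Review bot: Both new cases sit in TestGetSecretMap, which exercises the read path, while the behaviour this commit changes is the encoder in PushSecret, so the escaping fix has no test on this page. Unless one exists elsewhere, a PushSecret case that pushes a value containing `<`, `>` and `&` and asserts it is stored unescaped would pin the fix. The `reason` strings of `ReadSecretWithSpecialCharactersKV1` and `ReadSecretWithSpecialCharactersKV2` were copied from the nil-value cases and will mislead on failure; `reason: "Should map the secret unchanged when values contain special characters"` fits both. TestGetSecretMap's body continues outside these hunks.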