From f2dc2ca3f69628150f138832ddc798a58958d723 Mon Sep 17 00:00:00 2001
From: Alexey Odinokov <aodinokov@mirantis.com>
Date: Tue, 16 Feb 2021 05:03:56 +0000
Subject: [PATCH] Allow airshipctl phase render to display encrypted secrets

Relates-to: #453
Change-Id: I150a48cbec5c87943ed6c07a8ef8d562437fda46
---
 cmd/phase/render.go                                 |  6 ++++++
 .../TestRenderGoldenOutput/render-with-help.golden  |  1 +
 docs/source/cli/airshipctl_phase_render.md          |  1 +
 pkg/phase/render.go                                 | 13 +++++++++++--
 4 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/cmd/phase/render.go b/cmd/phase/render.go
index e0a28d86f..15714a264 100644
--- a/cmd/phase/render.go
+++ b/cmd/phase/render.go
@@ -97,6 +97,12 @@ func addRenderFlags(filterOptions *phase.RenderCommand, cmd *cobra.Command) {
 			"error will be returned\n"+
 			"executor: rendering will be performed by executor if the phase\n"+
 			"config: this will render bundle containing phase and executor documents")
+	flags.BoolVarP(
+		&filterOptions.FailOnDecryptionError,
+		"decrypt",
+		"d",
+		false,
+		"ensure that decryption of encrypted documents has finished successfully")
 }
 
 // RenderArgs returns an error if there are not exactly n args.
diff --git a/cmd/phase/testdata/TestRenderGoldenOutput/render-with-help.golden b/cmd/phase/testdata/TestRenderGoldenOutput/render-with-help.golden
index a16cefea5..0b04720a8 100644
--- a/cmd/phase/testdata/TestRenderGoldenOutput/render-with-help.golden
+++ b/cmd/phase/testdata/TestRenderGoldenOutput/render-with-help.golden
@@ -23,6 +23,7 @@ airshipctl phase render initinfra --source executor
 Flags:
   -a, --annotation string   filter documents by Annotations
   -g, --apiversion string   filter documents by API version
+  -d, --decrypt             ensure that decryption of encrypted documents has finished successfully
   -h, --help                help for render
   -k, --kind string         filter documents by Kinds
   -l, --label string        filter documents by Labels
diff --git a/docs/source/cli/airshipctl_phase_render.md b/docs/source/cli/airshipctl_phase_render.md
index c1c09cd6e..76beb1598 100644
--- a/docs/source/cli/airshipctl_phase_render.md
+++ b/docs/source/cli/airshipctl_phase_render.md
@@ -35,6 +35,7 @@ airshipctl phase render initinfra --source executor
 ```
   -a, --annotation string   filter documents by Annotations
   -g, --apiversion string   filter documents by API version
+  -d, --decrypt             ensure that decryption of encrypted documents has finished successfully
   -h, --help                help for render
   -k, --kind string         filter documents by Kinds
   -l, --label string        filter documents by Labels
diff --git a/pkg/phase/render.go b/pkg/phase/render.go
index 9b42edbcb..effdee291 100644
--- a/pkg/phase/render.go
+++ b/pkg/phase/render.go
@@ -16,6 +16,7 @@ package phase
 
 import (
 	"io"
+	"os"
 	"strings"
 
 	"opendev.org/airship/airshipctl/pkg/config"
@@ -49,8 +50,11 @@ type RenderCommand struct {
 	// phase the source will use kustomize root at phase entry point
 	// config will render a bundle that comes from site metadata file, and contains phase and executor docs
 	// executor means that rendering will be delegated to phase executor
-	Source  string
-	PhaseID ifc.ID
+	Source string
+	// FailOnDecryptionError makes sure that encrypted documents are getting decrypted by avoiding setting
+	// env variable TOLERATE_DECRYPTION_FAILURES=true
+	FailOnDecryptionError bool
+	PhaseID               ifc.ID
 }
 
 // RunE prints out filtered documents
@@ -58,6 +62,11 @@ func (fo *RenderCommand) RunE(cfgFactory config.Factory, out io.Writer) error {
 	if err := fo.Validate(); err != nil {
 		return err
 	}
+
+	if !fo.FailOnDecryptionError {
+		os.Setenv("TOLERATE_DECRYPTION_FAILURES", "true")
+	}
+
 	cfg, err := cfgFactory()
 	if err != nil {
 		return err