diff --git a/packages/cmd/agent.go b/packages/cmd/agent.go
index 7e9081e1..dd5794a1 100644
--- a/packages/cmd/agent.go
+++ b/packages/cmd/agent.go
@@ -39,6 +39,7 @@ import (
 "github.com/Infisical/infisical-merge/packages/api"
 "github.com/Infisical/infisical-merge/packages/config"
 "github.com/Infisical/infisical-merge/packages/models"
+ "github.com/Infisical/infisical-merge/packages/templates"
 "github.com/Infisical/infisical-merge/packages/util"
 "github.com/Infisical/infisical-merge/packages/util/cache"
 "github.com/spf13/cobra"
@@ -985,16 +986,10 @@ func ProcessTemplate(templateId int, templatePath string, data interface{}, acce
 "listSecrets": secretFunction,
 "dynamic_secret": dynamicSecretFunction,
 "getSecretByName": getSingleSecretFunction,
- "minus": func(a, b int) int {
- return a - b
- },
- "add": func(a, b int) int {
- return a + b
- },
 }
 templateName := path.Base(templatePath)
- tmpl, err := template.New(templateName).Funcs(funcs).ParseFiles(templatePath)
+ tmpl, err := template.New(templateName).Funcs(templates.CompileTemplateFunctions(funcs)).ParseFiles(templatePath)
 if err != nil {
 return nil, err
 }
@@ -1027,7 +1022,7 @@ func ProcessBase64Template(templateId int, encodedTemplate string, data interfac
 templateName := "base64Template"
- tmpl, err := template.New(templateName).Funcs(funcs).Parse(templateString)
+ tmpl, err := template.New(templateName).Funcs(templates.CompileTemplateFunctions(funcs)).Parse(templateString)
 if err != nil {
 return nil, err
 }
@@ -1053,7 +1048,7 @@ func ProcessLiteralTemplate(templateId int, templateString string, data interfac
 templateName := "literalTemplate"
- tmpl, err := template.New(templateName).Funcs(funcs).Parse(templateString)
+ tmpl, err := template.New(templateName).Funcs(templates.CompileTemplateFunctions(funcs)).Parse(templateString)
 if err != nil {
 return nil, err
 }
diff --git a/packages/cmd/bootstrap.go b/packages/cmd/bootstrap.go
index 5268c68e..40b5b6e0 100644
--- a/packages/cmd/bootstrap.go
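Review bot: In the ProcessTemplate hunk of packages/cmd/agent.go, dropping the local `minus` helper looks like a breaking change for existing agent templates: as far as I know sprig's function map offers `sub` and `add` but no `minus`, so a template that calls `minus` would now fail at parse time with an undefined-function error. Sprig's `add` is also variadic and returns `int64` rather than `int`, which is usually harmless in templates but worth a regression test. I would keep `"minus": func(a, b int) int { return a - b },` in `funcs` (custom entries already take precedence over sprig in CompileTemplateFunctions) or document the rename to `sub` in the release notes. The body of ProcessTemplate starts and ends outside this hunk, so I cannot see whether other entries in `funcs` are affected.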
+++ b/packages/cmd/bootstrap.go
@@ -13,6 +13,7 @@ import (
 "text/template"
 "github.com/Infisical/infisical-merge/packages/api"
+ "github.com/Infisical/infisical-merge/packages/templates"
 "github.com/Infisical/infisical-merge/packages/util"
 "github.com/rs/zerolog/log"
 "github.com/spf13/cobra"
@@ -37,12 +38,14 @@ func handleK8SecretOutput(bootstrapResponse api.BootstrapInstanceResponse, k8Sec
 return fmt.Errorf("failed to create Kubernetes client: %v", err)
 }
- // Parse and execute the template to render the data/stringData section
- tmpl, err := template.New("k8-secret-template").Funcs(template.FuncMap{
+ templateFuncs := template.FuncMap{
 "encodeBase64": func(s string) string {
 return base64.StdEncoding.EncodeToString([]byte(s))
 },
- }).Parse(k8SecretTemplate)
+ }
+
+ // Parse and execute the template to render the data/stringData section
+ tmpl, err := template.New("k8-secret-template").Funcs(templates.CompileTemplateFunctions(templateFuncs)).Parse(k8SecretTemplate)
 if err != nil {
 return fmt.Errorf("failed to parse output template: %v", err)
diff --git a/packages/templates/templates.go b/packages/templates/templates.go
index 457ebdfc..c7a7cca5 100644
--- a/packages/templates/templates.go
+++ b/packages/templates/templates.go
@@ -2,7 +2,30 @@ package templates
 import (
 "embed"
+ "text/template"
+
+ "github.com/Masterminds/sprig/v3"
 )
 //go:embed *.tmpl
 var TemplatesFS embed.FS
+
+func CompileTemplateFunctions(customFunctions template.FuncMap) template.FuncMap {
+
+ templates := customFunctions
+
+ sprigFuncs := sprig.TxtFuncMap()
+ // removed for security reasons
+ delete(sprigFuncs, "env")
+ delete(sprigFuncs, "expandenv")
+
+ for k, v := range sprigFuncs {
+ // make sure we aren't overwriting any of our own functions
+ _, exists := templates[k]
+ if !exists {
+ templates[k] = v
+ }
+ }
+
+ return templates
+}
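Review bot: CompileTemplateFunctions in packages/templates/templates.go filters sprig with a two-entry denylist, which still leaves `getHostByName` callable from templates that are rendered with secret values in scope, so a template can trigger outbound DNS lookups built from template data. Consider deleting `getHostByName` as well, or starting from an explicit allowlist so that functions added in future sprig releases are not exposed automatically to every caller in agent.go and bootstrap.go. Separately, `templates := customFunctions` aliases the caller's map, so the loop mutates the argument in place and would panic on a nil FuncMap; building a fresh map avoids both. The comment `// removed for security reasons` would also be more useful if it named the risk, as in the sketch below.

```go
func CompileTemplateFunctions(customFunctions template.FuncMap) template.FuncMap {
	sprigFuncs := sprig.TxtFuncMap()
	// Removed for security reasons: these read the process environment or
	// perform DNS lookups, neither of which a secrets template should reach.
	for _, name := range []string{"env", "expandenv", "getHostByName"} {
		delete(sprigFuncs, name)
	}

	// Build a fresh map so the caller's FuncMap is never mutated and a nil
	// argument is safe.
	merged := make(template.FuncMap, len(sprigFuncs)+len(customFunctions))
	for k, v := range sprigFuncs {
		merged[k] = v
	}
	// Our own functions are copied last so they always win over sprig's.
	for k, v := range customFunctions {
		merged[k] = v
	}
	return merged
}
```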