[FIX] Fix interpolation validation with secrets (#5)

costimuraru · web-flow · commit 7add6722e79b · 2019-11-01T15:34:29.000+02:00
diff --git a/himl/config_generator.py b/himl/config_generator.py
@@ -53,20 +53,21 @@ def process(self, cwd=None, path=None, filters=(), exclude_keys=(), enclosing_ke
             generator.add_dynamic_data()
             generator.resolve_interpolations()
 
-        if len(filters) > 0:
-            generator.filter_data(filters)
-
-        if len(exclude_keys) > 0:
-            generator.exclude_keys(exclude_keys)
-
         if not skip_secrets:
-            generator.resolve_secrets()
+            default_aws_profile = self.get_default_aws_profile(generator.generated_data)
+            generator.resolve_secrets(default_aws_profile)
             # Perform another resolving, in case some secrets are used as interpolations.
             # Example:
             # value1: "{{ssm.mysecret}}"
             # value2: "something-{{value1}} <--- this will be resolved at this step
             generator.resolve_interpolations()
 
+        if len(filters) > 0:
+            generator.filter_data(filters)
+
+        if len(exclude_keys) > 0:
+            generator.exclude_keys(exclude_keys)
+
         if not skip_interpolation_validation:
             generator.validate_interpolations()
 
@@ -83,6 +84,10 @@ def process(self, cwd=None, path=None, filters=(), exclude_keys=(), enclosing_ke
 
         return data
 
+    @staticmethod
+    def get_default_aws_profile(data):
+        return data['aws']['profile'] if 'aws' in data and 'profile' in data['aws'] else None
+
     @staticmethod
     def get_relative_path(path):
         cwd = os.path.join(os.getcwd(), '')
@@ -230,9 +235,9 @@ def resolve_interpolations(self):
         resolver = InterpolationResolver()
         self.generated_data = resolver.resolve_interpolations(self.generated_data)
 
-    def resolve_secrets(self):
+    def resolve_secrets(self, default_aws_profile):
         resolver = SecretResolver()
-        self.generated_data = resolver.resolve_secrets(self.generated_data)
+        self.generated_data = resolver.resolve_secrets(self.generated_data, default_aws_profile)
 
     def validate_interpolations(self):
         self.interpolation_validator.check_all_interpolations_resolved(self.generated_data)
diff --git a/himl/interpolation.py b/himl/interpolation.py
@@ -43,19 +43,16 @@ def resolve_interpolations(self, data):
 
 class SecretResolver(object):
 
-    def resolve_secrets(self, data):
+    def resolve_secrets(self, data, default_aws_profile):
         # Resolve interpolations representing secrets
         # Example:
         # value1: "{{ssm.path(mysecret)}}"
-        secrets_injector = SecretsInterpolationResolver(self.get_secret_injector(data))
-        secrets_injector.resolve_interpolations(data)
+        injector = SecretInjector(default_aws_profile)
+        secrets_resolver = SecretsInterpolationResolver(injector)
+        secrets_resolver.resolve_interpolations(data)
 
         return data
 
-    def get_secret_injector(self, data):
-        default_aws_profile = data['aws']['profile'] if 'aws' in data and 'profile' in data['aws'] else None
-        return SecretInjector(default_aws_profile)
-
 
 class DictIterator(object):
 
