bufferapp · kiriappeee · Sep 7, 2018
diff --git a/core/applychanges.go b/core/applychanges.go
@@ -4,22 +4,41 @@ import (
 	"encoding/base64"
 	"fmt"
 	"os"
+	"strings"
 )
 
+//CompareSecrets takes a secret that's about to be applied and compares it to a
+//secret that already exists on the server. It checks for values that will be added
+//newly, values that will be removed from the server if the secret is applying, and
+//which values will be changed. It also warns about potential errors in the base64
+//encoded values such as strings starting or ending with spaces or newlines. It returns
+//this as a map[string]string where the keys of the map are changes, additions, removals,
+//and warnings.
 func CompareSecrets(secretToBeApplied, existingSecret Secret) map[string]string {
 	compareResults := map[string]string{
 		"changes":   "",
 		"additions": "",
 		"removals":  "",
+		"warnings":  "",
 	}
 	for k, v := range secretToBeApplied.Data {
+		lv, err := base64.StdEncoding.DecodeString(v)
+		if err != nil {
+			fmt.Printf("Error while decoding local value for %s\n", k)
+			os.Exit(1)
+		}
+		localDecodedValue := string(lv)
+		if strings.HasPrefix(localDecodedValue, " ") {
+			compareResults["warnings"] += fmt.Sprintf("POSSIBLE ERROR: Value for %s begins with a space: The value is \"%s\"\n", k, localDecodedValue)
+		}
+		if strings.HasSuffix(localDecodedValue, " ") {
+			compareResults["warnings"] += fmt.Sprintf("POSSIBLE ERROR: Value for %s ends with a space: The value is \"%s\"\n", k, localDecodedValue)
+		}
+		if strings.HasSuffix(localDecodedValue, "\n") {
+			compareResults["warnings"] += fmt.Sprintf("POSSIBLE ERROR: Value for %s ends with a new line: The value is \"%s\"\n", k, localDecodedValue)
+		}
 		if existingSecretValue, exists := existingSecret.Data[k]; exists {
-			lv, err := base64.StdEncoding.DecodeString(v)
-			if err != nil {
-				fmt.Printf("Error while decoding local value for %s\n", k)
-				os.Exit(1)
-			}
-			localDecodedValue := string(lv)
+
 			rv, err := base64.StdEncoding.DecodeString(existingSecretValue)
 			if err != nil {
 				fmt.Printf("Error while decoding remote value for %s\n", k)
@@ -45,7 +64,7 @@ func CompareSecrets(secretToBeApplied, existingSecret Secret) map[string]string
 				fmt.Printf("Error while decoding remote value for %s\n", k)
 				os.Exit(1)
 			}
-			compareResults["removals"] += fmt.Sprintf("WARN: %s exists only in server and will be overwritten. Value for the key is: %s", k, string(rv))
+			compareResults["removals"] += fmt.Sprintf("WARN: %s exists only in server and will be removed upon applying. Value for the key is: %s", k, string(rv))
 		}
 	}
 	return compareResults

diff --git a/core/readsecret.go b/core/readsecret.go
@@ -8,6 +8,8 @@ import (
 	"gopkg.in/yaml.v2"
 )
 
+//ReadSecretFromFile takes a filename and reads the values to generate
+//a Secret type struct.
 func ReadSecretFromFile(filename string) (Secret, error) {
 	_, err := os.Stat(filename)
 	if os.IsNotExist(err) {

diff --git a/core/secretdef.go b/core/secretdef.go
@@ -5,6 +5,8 @@ type metadata struct {
 	Namespace string `json:"namespace"`
 }
 
+//Secret is the main type that has all the information we care about in a
+//secret file. It can be used to regenerate a secret document afresh.
 type Secret struct {
 	APIVersion string            `json:"apiVersion"`
 	Type       string            `json:"type"`