diff --git a/docs/changelog.md b/docs/changelog.md index fb1eed3..930b655 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -2,7 +2,17 @@ All notable changes to this project will be documented in this file. -## [1.1.6] - Current +## [1.1.7] - Current + +### Fixed +- **Secrets with control characters**: Fixed `SyntaxError: Bad control character in string literal` when secrets contain newlines or special characters (e.g., GitHub App private keys) + - Replaced `JSON.parse(envsubst(JSON.stringify(obj)))` approach with `lodash.clonedeepwith` for safe environment variable substitution + - Now correctly handles private keys, tabs, carriage returns, and other control characters in secret values + +### Dependencies +- Added `lodash.clonedeepwith@^4.5.0` for safe deep object traversal with custom value substitution + +## [1.1.6] ### Added - **"next" tag support**: Both Helm and Operator deployments now support `RHDH_VERSION=next` diff --git a/package.json b/package.json index 461ade1..679892e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "rhdh-e2e-test-utils", - "version": "1.1.6", + "version": "1.1.7", "description": "Test utilities for RHDH E2E tests", "license": "Apache-2.0", "type": "module", @@ -74,6 +74,7 @@ "@playwright/test": "^1.57.0", "@types/fs-extra": "^11.0.4", "@types/js-yaml": "^4.0.9", + "@types/lodash.clonedeepwith": "^4.5.9", "@types/lodash.mergewith": "^4.6.9", "@types/node": "^24.10.1" }, @@ -87,6 +88,7 @@ "eslint-plugin-playwright": "^2.4.0", "fs-extra": "^11.3.2", "js-yaml": "^4.1.1", + "lodash.clonedeepwith": "^4.5.0", "lodash.mergewith": "^4.6.2", "otplib": "12.0.1", "prettier": "^3.7.4", diff --git a/src/deployment/rhdh/deployment.ts b/src/deployment/rhdh/deployment.ts index 14151de..a71e2c6 100644 --- a/src/deployment/rhdh/deployment.ts +++ b/src/deployment/rhdh/deployment.ts 
@@ -8,6 +8,7 @@ import { generateDynamicPluginsConfigFromMetadata, } from "../../utils/plugin-metadata.js"; import { envsubst } from "../../utils/common.js"; +import cloneDeepWith from "lodash.clonedeepwith"; import fs from "fs-extra"; import { DEFAULT_CONFIG_PATHS, @@ -81,9 +82,15 @@ export class RHDHDeployment { this.deploymentConfig.secrets, ]); + // Use cloneDeepWith to substitute env vars in-place, avoiding JSON.parse issues + // with control characters in secrets (e.g., private keys with newlines) + const substituted = cloneDeepWith(secretsYaml, (value: unknown) => { + if (typeof value === "string") return envsubst(value); + }); + await this.k8sClient.applySecretFromObject( "rhdh-secrets", - JSON.parse(envsubst(JSON.stringify(secretsYaml))), + substituted as { stringData?: Record }, this.deploymentConfig.namespace, ); } diff --git a/yarn.lock b/yarn.lock index 3f45814..06e490b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -362,6 +362,15 @@ __metadata: languageName: node linkType: hard +"@types/lodash.clonedeepwith@npm:^4.5.9": + version: 4.5.9 + resolution: "@types/lodash.clonedeepwith@npm:4.5.9" + dependencies: + "@types/lodash": "*" + checksum: c690fb28126f7248894f08abe13d6c7684dd0a4e9ac545a419a8687438b50d2e6fe32b31176c65a394d3ade4fd16a145ecbf77e7521992414bf657b8b1d936c8 + languageName: node + linkType: hard + "@types/lodash.mergewith@npm:^4.6.9": version: 4.6.9 resolution: "@types/lodash.mergewith@npm:4.6.9" @@ -1642,6 +1651,13 @@ __metadata: languageName: node linkType: hard +"lodash.clonedeepwith@npm:^4.5.0": + version: 4.5.0 + resolution: "lodash.clonedeepwith@npm:4.5.0" + checksum: 9fbf4ebfa04b381df226a2298eba680327bea3d0d5d19c5118de7ae218fd219186e30e9fd0d33b13729f34ffbc83c1cf09cb27aff265ba94cb602b8a2b1e71c9 + languageName: node + linkType: hard + "lodash.merge@npm:^4.6.2": version: 4.6.2 resolution: "lodash.merge@npm:4.6.2" 
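Review bot: The customizer passed to `cloneDeepWith` in the second `deployment.ts` hunk rewrites string values only, so an env-var placeholder in an object key of `secretsYaml` is no longer expanded. The removed `envsubst(JSON.stringify(secretsYaml))` call ran over the whole serialized text, keys included, assuming `envsubst` (defined outside this diff) expands placeholders wherever they occur. If values-only substitution is intended, the comment should say so and drop "in-place", since `cloneDeepWith` returns a copy and leaves `secretsYaml` untouched: `// Substitute env vars in the string values of a deep copy (keys are left as-is); avoids JSON.parse failures on control characters in secrets`. The `as` cast on `substituted` is unchecked and the customizer leaves non-string leaves as they are, so nothing visible here verifies that every `stringData` value handed to `applySecretFromObject` is a string. No regression test for a multi-line secret value is visible in this diff, and the enclosing method begins above the hunk.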
@@ -2128,6 +2144,7 @@ __metadata: "@playwright/test": ^1.57.0 "@types/fs-extra": ^11.0.4 "@types/js-yaml": ^4.0.9 + "@types/lodash.clonedeepwith": ^4.5.9 "@types/lodash.mergewith": ^4.6.9 "@types/node": ^24.10.1 eslint: ^9.39.1 @@ -2135,6 +2152,7 @@ __metadata: eslint-plugin-playwright: ^2.4.0 fs-extra: ^11.3.2 js-yaml: ^4.1.1 + lodash.clonedeepwith: ^4.5.0 lodash.mergewith: ^4.6.2 otplib: 12.0.1 prettier: ^3.7.4