Created
September 22, 2025 03:42
Compara secretos de archivos Deployment y Secret de Kubernetes para confirmar la concordancia de ambos
| #!/usr/bin/env ruby | |
| require 'yaml' | |
| require 'optparse' | |
# Folder searched for manifests when no --path option is given.
DEFAULT_PATH = 'ci/manifests'

# Parse the CLI options; -p/--path overrides the manifest folder.
options = {}
parser = OptionParser.new
parser.banner = "Usage: compare_yaml.rb [options]"
parser.on("-p", "--path PATH", "Path to the YAML folder (default: #{DEFAULT_PATH})") { |dir| options[:path] = dir }
parser.parse!

yaml_path = options.fetch(:path, DEFAULT_PATH)
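# Loads a single YAML manifest from disk.
#
# Parsing goes through YAML.safe_load, so a manifest can only yield plain data
# (hashes, arrays, strings, numbers, booleans, nil); documents tagged as Ruby
# objects are rejected instead of being instantiated. Aliases stay enabled so
# manifests that use YAML anchors keep loading.
#
# @param file [String] path to the YAML file
# @return [Object, nil] the parsed document, or nil when the file cannot be
#   read or parsed; the reason is written to stderr so that a broken manifest
#   is not silently treated as an empty one
def load_yaml(file)
  YAML.safe_load(File.read(file), aliases: true, filename: file)
rescue StandardError => e
  warn "Could not load #{file}: #{e.class}: #{e.message}"
  nil
end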
# Lists the manifests of one kind inside a folder.
#
# @param path [String] folder to search
# @param type [String] file-name prefix placed before the underscore
# @return [Array<String>] paths matching "<type>_*.yaml" directly under path
def find_files(path, type)
  pattern = File.join(path, "#{type}_*.yaml")
  Dir[pattern]
end
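# Collects the environment variable names declared by a Deployment manifest.
#
# Every `env` entry name of every container under
# spec.template.spec.containers is returned, whatever the entry's value source.
# NOTE(review): entries are not filtered by valueFrom.secretKeyRef, and envFrom
# and initContainers are not read; confirm that this matches how these
# manifests reference their Secret.
#
# @param deployment_file [String] path to the Deployment YAML
# @return [Array<String>] unique names; empty when the file does not load, is
#   not a Deployment, or declares no container list
def extract_deployment_secrets(deployment_file)
  deployment = load_yaml(deployment_file)
  return [] unless deployment.is_a?(Hash) && deployment['kind'] == 'Deployment'

  containers = deployment.dig('spec', 'template', 'spec', 'containers')
  # A Deployment without a container list used to raise NoMethodError on nil.
  return [] unless containers.is_a?(Array)

  names = containers.flat_map do |container|
    entries = container.is_a?(Hash) ? container['env'] : nil
    next [] unless entries.is_a?(Array)

    entries.select { |entry| entry['name'] }.map { |entry| entry['name'] }
  end
  names.uniq
end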
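# Lists the key names declared by a Secret manifest.
#
# Keys are read from both `data` and `stringData`. Only the key names are
# returned; the values are never read.
#
# @param secret_file [String] path to the Secret YAML
# @return [Array<String>] unique key names; empty when the file does not load
#   or is not a Secret
def extract_secret_keys(secret_file)
  secret = load_yaml(secret_file)
  return [] unless secret.is_a?(Hash) && secret['kind'] == 'Secret'

  # Reading only `data` reported every key declared under `stringData` as
  # missing, so both sections are consulted.
  keys = %w[data stringData].flat_map do |field|
    section = secret[field]
    section.is_a?(Hash) ? section.keys : []
  end
  keys.uniq
end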
# Diffs the names a Deployment expects against the keys a Secret provides.
#
# @param deployment_file [String] path to the Deployment YAML
# @param secret_file [String] path to the Secret YAML
# @return [Hash{Symbol => Array}] :missing_in_secrets holds names found only
#   in the Deployment, :unused_in_secrets holds keys found only in the Secret
def compare_secrets(deployment_file, secret_file)
  expected = extract_deployment_secrets(deployment_file)
  provided = extract_secret_keys(secret_file)

  report = {}
  report[:missing_in_secrets] = expected - provided
  report[:unused_in_secrets] = provided - expected
  report
end
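# Runs the comparison once per environment found in a folder.
#
# The environment name is the part of a "deployment_<env>.yaml" file name
# between the prefix and the extension; it is paired with "secrets_<env>.yaml"
# from the same folder.
# NOTE(review): a Secret file with no matching Deployment file is not reported.
#
# @param path [String] folder holding the manifests
# @return [Hash{String => Hash}] per environment, either the result of
#   compare_secrets or { error: String } when the pairing fails
def compare_all(path)
  deployment_files = find_files(path, 'deployment')
  # Index Secret files by base name; the first file wins on a duplicate name.
  secrets_by_name = find_files(path, 'secrets').each_with_object({}) do |file, index|
    index[File.basename(file)] ||= file
  end

  deployment_files.each_with_object({}) do |deployment_file, results|
    base_name = File.basename(deployment_file)
    match = base_name.match(/\Adeployment_(.+)\.yaml\z/)
    # A name such as "deployment_.yaml" passes the glob but carries no
    # environment; record it as an error instead of calling [] on nil.
    unless match
      results[base_name] = { error: "Cannot derive an environment name from #{deployment_file}" }
      next
    end

    env = match[1]
    secret_file = secrets_by_name["secrets_#{env}.yaml"]
    results[env] =
      if secret_file
        compare_secrets(deployment_file, secret_file)
      else
        { error: "No matching Secret file found for #{deployment_file}" }
      end
  end
end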
# Reports what `git rev-parse --abbrev-ref HEAD` prints when run inside path.
#
# @param path [String] directory to run git in
# @return [String] the trimmed git output, or a placeholder message when git
#   prints nothing or an error is raised (for example when path does not exist)
def current_git_branch(path)
  Dir.chdir(path) do
    name = `git rev-parse --abbrev-ref HEAD 2>/dev/null`.strip
    next "No branch (detached or not a Git repo)" if name.empty?

    name
  end
rescue StandardError
  "Not a Git repository"
end
# Prints the comparison report to standard output.
#
# @param results [Hash] per-environment results, each either { error: String }
#   or a hash with :missing_in_secrets and :unused_in_secrets arrays
# @param branch [String] text shown on the "Git Branch" line
# @return [void]
def print_report(results, branch)
  heavy_rule = "=" * 40
  light_rule = "-" * 40

  puts "Git Branch: #{branch}"
  puts heavy_rule
  results.each do |env, result|
    puts "Environment: #{env}"
    if result[:error]
      puts " Error: #{result[:error]}"
    else
      missing = result[:missing_in_secrets]
      unused = result[:unused_in_secrets]
      puts " Missing in Secrets: #{missing.join(', ')}" if missing.any?
      puts " Unused in Secrets: #{unused.join(', ')}" if unused.any?
      # Printed only when both lists are empty.
      puts " All secrets match!" if missing.empty? && unused.empty?
    end
    puts light_rule
  end
end
# Entry point: resolve the branch first, then compare the manifests and print.
active_branch = current_git_branch(yaml_path)
print_report(compare_all(yaml_path), active_branch)