From f0e8e4ed9a2e4b11d6e34a32545e362342a72181 Mon Sep 17 00:00:00 2001
From: hatemosphere <hatemosphere@protonmail.com>
Date: Tue, 20 Nov 2018 12:34:51 +0200
Subject: [PATCH 1/2] Adding ability to suppress secrets in helm diff output

---
 decision_maker.go | 6 +++++-
 init.go           | 1 +
 main.go           | 1 +
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/decision_maker.go b/decision_maker.go
index 1fa8c2b1..e424c06d 100644
--- a/decision_maker.go
+++ b/decision_maker.go
@@ -219,13 +219,17 @@ func diffRelease(r *release) string {
 	exitCode := 0
 	msg := ""
 	colorFlag := ""
+	suppressDiffSecretsFlag := ""
 	if noColors {
 		colorFlag = "--no-color "
 	}
+	if suppressDiffSecrets {
+		suppressDiffSecretsFlag = "--suppress-secrets "
+	}
 
 	cmd := command{
 		Cmd:         "bash",
-		Args:        []string{"-c", "helm diff " + colorFlag + "upgrade " + r.Name + " " + r.Chart + getValuesFiles(r) + " --version " + strconv.Quote(r.Version) + " " + getSetValues(r) + getSetStringValues(r) + getDesiredTillerNamespaceFlag(r) + getTLSFlags(r) + getNoHooks(r)},
+		Args:        []string{"-c", "helm diff " + colorFlag + suppressDiffSecretsFlag + "upgrade " + r.Name + " " + r.Chart + getValuesFiles(r) + " --version " + strconv.Quote(r.Version) + " " + getSetValues(r) + getSetStringValues(r) + getDesiredTillerNamespaceFlag(r) + getTLSFlags(r)},
 		Description: "diffing release [ " + r.Name + " ] using Tiller in [ " + getDesiredTillerNamespace(r) + " ]",
 	}
 
diff --git a/init.go b/init.go
index 5ee6026c..0a08a8b3 100644
--- a/init.go
+++ b/init.go
@@ -55,6 +55,7 @@ func init() {
 	flag.BoolVar(&applyLabels, "apply-labels", false, "apply Helmsman labels to Helm state for all defined apps.")
 	flag.BoolVar(&keepUntrackedReleases, "keep-untracked-releases", false, "keep releases that are managed by Helmsman and are no longer tracked in your desired state.")
 	flag.BoolVar(&showDiff, "show-diff", false, "show helm diff results. Can expose sensitive information.")
+	flag.BoolVar(&suppressDiffSecrets, "suppress-diff-secrets", false, "don't show secrets in helm diff output.")
 
 	flag.Usage = printUsage
 	flag.Parse()
diff --git a/main.go b/main.go
index 4c28bd47..635aa511 100644
--- a/main.go
+++ b/main.go
@@ -39,6 +39,7 @@ var kubectlVersion string
 var dryRun bool
 var destroy bool
 var showDiff bool
+var suppressDiffSecrets bool
 
 func main() {
 	// set the kubecontext to be used Or create it if it does not exist

From 42ede1c627b4854f17025b5453b0d7fa3f643fe6 Mon Sep 17 00:00:00 2001
From: hatemosphere <hatemosphere@protonmail.com>
Date: Wed, 21 Nov 2018 13:56:21 +0200
Subject: [PATCH 2/2] Changing Unmarshal to UnmarshalStrict to error on unknown
 YAML fields in spec

---
 utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils.go b/utils.go
index 7b973852..5476db63 100644
--- a/utils.go
+++ b/utils.go
@@ -86,7 +86,7 @@ func fromYAML(file string, s *state) (bool, string) {
 		return false, err.Error()
 	}
 	yamlFile := []byte(substituteEnv(string(rawYamlFile)))
-	if err = yaml.Unmarshal(yamlFile, s); err != nil {
+	if err = yaml.UnmarshalStrict(yamlFile, s); err != nil {
 		return false, err.Error()
 	}