helmfile
diff --git a/‎.golangci.yaml‎
Lines changed: 53 additions & 42 deletions b/‎.golangci.yaml‎
Lines changed: 53 additions & 42 deletions
diff --git a/‎Makefile‎
Lines changed: 1 addition & 1 deletion b/‎Makefile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 55 additions & 31 deletions b/‎README.md‎
Lines changed: 55 additions & 31 deletions
diff --git a/‎pkg/expansion/expand_match_test.go‎
Lines changed: 3 additions & 3 deletions b/‎pkg/expansion/expand_match_test.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎pkg/providers/bitwarden/bitwarden.go‎
Lines changed: 2 additions & 2 deletions b/‎pkg/providers/bitwarden/bitwarden.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎pkg/providers/conjur/conjur_test.go‎
Lines changed: 1 addition & 1 deletion b/‎pkg/providers/conjur/conjur_test.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎pkg/providers/doppler/doppler.go‎
Lines changed: 5 additions & 6 deletions b/‎pkg/providers/doppler/doppler.go‎
Lines changed: 5 additions & 6 deletions
@@ -19,18 +19,6 @@ run:
   # build-tags:
   #   - mytag
 
-  # which dirs to skip: issues from them won't be reported;
-  # can use regexp here: generated.*, regexp is applied on full path;
-  # default value is empty list, but default dirs are skipped independently
-  # from this option's value (see skip-dirs-use-default).
-  # skip-dirs:
-  #   - src/external_libs
-  #   - autogenerated_by_my_lib
-
-  # default is true. Enables skipping of directories:
-  #   vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
-  skip-dirs-use-default: true
-
   # which files to skip: they will be analyzed, but issues from them
   # won't be reported. Default value is empty list, but there is
   # no need to include all autogenerated files, we confidently recognize
@@ -51,8 +39,35 @@ run:
 
 # output configuration options
 output:
-  # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
-  format: line-number
+  # The formats used to render issues.
+  # Formats:
+  # - `colored-line-number`
+  # - `line-number`
+  # - `json`
+  # - `colored-tab`
+  # - `tab`
+  # - `html`
+  # - `checkstyle`
+  # - `code-climate`
+  # - `junit-xml`
+  # - `junit-xml-extended`
+  # - `github-actions`
+  # - `teamcity`
+  # - `sarif`
+  # Output path can be either `stdout`, `stderr` or path to the file to write to.
+  #
+  # For the CLI flag (`--out-format`), multiple formats can be specified by separating them by comma.
+  # The output can be specified for each of them by separating format name and path by colon symbol.
+  # Example: "--out-format=checkstyle:report.xml,json:stdout,colored-line-number"
+  # The CLI flag (`--out-format`) override the configuration file.
+  #
+  # Default:
+  #   formats:
+  #     - format: colored-line-number
+  #       path: stdout
+  formats:
+    - format: line-number
+      path: stdout
 
   # print lines of code with issue, default is true
   print-issued-lines: true
@@ -88,13 +103,15 @@ linters-settings:
 
   # Disable error checking, as errorcheck detects more errors and is more configurable.
   gosec:
-    exclude:
-    - "G104"
+    excludes:
+      - "G104"
 
   govet:
     # report about shadowed variables
-    check-shadowing: false
-
+    enable:
+      - fieldalignment
+    disable:
+      - shadow
     # settings per analyzer
     settings:
       printf: # analyzer name, run `go tool vet help` to see all analyzers
@@ -111,13 +128,15 @@ linters-settings:
     # disable:
     #   - shadow
     # disable-all: false
-  golint:
+  revive:
     # minimal confidence for issues, default is 0.8
-    min-confidence: 0.8
+    confidence: 0.8
+    ignore-generated-header: true
+    severity: warning
   gofmt:
     # simplify code: gofmt with `-s` option, true by default
     simplify: true
-  goimports:
+  # goimports:
     # put imports beginning with prefix after 3rd-party packages;
     # it's a comma-separated list of prefixes
     # local-prefixes: github.com/org/project
@@ -127,9 +146,6 @@ linters-settings:
   gocognit:
     # minimal code complexity to report, 30 by default (but we recommend 10-20)
     min-complexity: 100
-  maligned:
-    # print struct with more effective memory layout or not, false by default
-    suggest-new: true
   dupl:
     # tokens count to trigger issue, 150 by default
     threshold: 100
@@ -139,13 +155,12 @@ linters-settings:
     # minimal occurrences count to trigger, 3 by default
     min-occurrences: 8
   depguard:
-    list-type: blacklist
-    include-go-root: false
-    packages:
-      - github.com/sirupsen/logrus
-    packages-with-error-messages:
-      # specify an error message to output when a blacklisted package is used
-      github.com/sirupsen/logrus: "logging is allowed only by logutils.Log"
+    rules:
+      main:
+        deny:
+          - pkg: github.com/sirupsen/logrus
+            desc: "logging is allowed only by logutils.Log"
+        list-mode: lax
   misspell:
     # Correct spellings using locale preferences for US or UK.
     # Default is to use a neutral variety of English.
@@ -159,12 +174,6 @@ linters-settings:
     line-length: 120
     # tab width in spaces. Default to 1.
     tab-width: 1
-  unused:
-    # treat code as a program (not a library) and report unused exported identifiers; default is false.
-    # XXX: if you enable this setting, unused will report a lot of false-positives in text editors:
-    # if it's called for subdir of a project it can't find funcs usages. All text editor integrations
-    # with golangci-lint call it on a directory with the changed file.
-    check-exported: false
   unparam:
     # Inspect exported functions, default is false. Set to true if no external program/library imports your code.
     # XXX: if you enable this setting, unparam will report a lot of false-positives in text editors:
@@ -237,9 +246,6 @@ linters-settings:
     allow-trailing-comment: false
     # Force newlines in end of case at this limit (0 = never).
     force-case-trailing-whitespace: 0
-  revive:
-    ignore-generated-header: true
-    severity: warning
   funlen:
     # Checks the number of lines in a function.
     # If lower than 0, disable the check.
@@ -270,7 +276,7 @@ linters:
     - ineffassign
     - misspell
     - nakedret
-    - exportloopref
+    - copyloopvar
     - staticcheck
     - typecheck
     - unconvert
@@ -338,6 +344,11 @@ issues:
   # Default value for this option is true.
   exclude-use-default: false
 
+  # Enables exclude of directories:
+  # - vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
+  # Default: true
+  exclude-dirs-use-default: true
+
   # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
   max-issues-per-linter: 0
 
@@ -357,4 +368,4 @@ issues:
   # new-from-rev: REV
 
   # Show only new issues created in git patch with set file path.
-  # new-from-patch: path/to/patch/file
+  # new-from-patch: path/to/patch/file
@@ -16,4 +16,4 @@ lint:
 test:
 	go test -v ${PKGS} -coverprofile cover.out -race -p=1
 	go tool cover -func cover.out
-.PHONY: test
+.PHONY: test
@@ -207,31 +207,53 @@ Please see the [relevant unit test cases](https://github.com/helmfile/vals/blob/
 
 ## Supported Backends
 
-- [Vault](#vault)
-- [AWS SSM Parameter Store](#aws-ssm-parameter-store)
-- [AWS Secrets Manager](#aws-secrets-manager)
-- [AWS S3](#aws-s3)
-- [GCP Secrets Manager](#gcp-secrets-manager)
-- [GCP KMS](#gcp-kms)
-- [Google Sheets](#google-sheets)
-- [Google GCS](#google-gcs)
-- [SOPS](#sops) powered by [sops](https://github.com/getsops/sops)
-- [Terraform (tfstate)](#terraform-tfstate) powered by [tfstate-lookup](https://github.com/fujiwara/tfstate-lookup)
-- [Keychain](#keychain)
-- [Echo](#echo)
-- [File](#file)
-- [Azure Key Vault](#azure-key-vault)
-- [EnvSubst](#envsubst)
-- [GitLab](#gitlab)
-- [1Password](#1password)
-- [1Password Connect](#1password-connect)
-- [Doppler](#doppler)
-- [Pulumi State](#pulumi-state)
-- [Kubernetes](#kubernetes)
-- [Conjur](#conjur)
-- [HCP Vault Secrets](#hcp-vault-secrets)
-- [HTTP JSON](#http-json)
-- [Bitwarden](#bitwarden)
+- [vals](#vals)
+  - [Usage](#usage)
+- [CLI](#cli)
+    - [Helm](#helm)
+    - [Go](#go)
+  - [Expression Syntax](#expression-syntax)
+  - [Supported Backends](#supported-backends)
+    - [Vault](#vault)
+    - [Authentication](#authentication)
+    - [AWS](#aws)
+      - [AWS SSM Parameter Store](#aws-ssm-parameter-store)
+      - [AWS Secrets Manager](#aws-secrets-manager)
+      - [AWS S3](#aws-s3)
+      - [AWS KMS](#aws-kms)
+      - [Google GCS](#google-gcs)
+    - [GCP Secrets Manager](#gcp-secrets-manager)
+    - [GCP KMS](#gcp-kms)
+    - [Google Sheets](#google-sheets)
+    - [Terraform (tfstate)](#terraform-tfstate)
+    - [Terraform in GCS bucket (tfstategs)](#terraform-in-gcs-bucket-tfstategs)
+    - [Terraform in S3 bucket (tfstates3)](#terraform-in-s3-bucket-tfstates3)
+    - [Terraform in AzureRM Blob storage (tfstateazurerm)](#terraform-in-azurerm-blob-storage-tfstateazurerm)
+    - [Terraform in Terraform Cloud / Terraform Enterprise (tfstateremote)](#terraform-in-terraform-cloud--terraform-enterprise-tfstateremote)
+    - [SOPS](#sops)
+    - [Keychain](#keychain)
+    - [Echo](#echo)
+    - [File](#file)
+    - [Azure Key Vault](#azure-key-vault)
+      - [Authentication](#authentication-1)
+    - [EnvSubst](#envsubst)
+    - [GitLab Secrets](#gitlab-secrets)
+    - [1Password](#1password)
+    - [1Password Connect](#1password-connect)
+    - [Doppler](#doppler)
+    - [Pulumi State](#pulumi-state)
+    - [Kubernetes](#kubernetes)
+    - [Conjur](#conjur)
+    - [HCP Vault Secrets](#hcp-vault-secrets)
+    - [Bitwarden](#bitwarden)
+    - [HTTP JSON](#http-json)
+      - [Fetch string value](#fetch-string-value)
+      - [Fetch integer value](#fetch-integer-value)
+  - [Advanced Usages](#advanced-usages)
+    - [Discriminating config and secrets](#discriminating-config-and-secrets)
+  - [Non-Goals](#non-goals)
+    - [Complex String-Interpolation / Template Functions](#complex-string-interpolation--template-functions)
+    - [Merge](#merge)
 
 Please see [pkg/providers](https://github.com/helmfile/vals/tree/master/pkg/providers) for the implementations of all the providers. The package names corresponds to the URI schemes.
 
@@ -779,11 +801,12 @@ Examples:
 
 Fetch value from Kubernetes:
 
-- `ref+k8s://API_VERSION/KIND/NAMESPACE/NAME/KEY[?kubeConfigPath=<path_to_kubeconfig>&kubeContext=<kubernetes context name>]`
+- `ref+k8s://API_VERSION/KIND/NAMESPACE/NAME/KEY[?kubeConfigPath=<path_to_kubeconfig>&kubeContext=<kubernetes context name>&inCluster]`
 
-Authentication to the Kubernetes cluster is done by referencing the local kubeconfig file.
+Authentication to the Kubernetes cluster is done by referencing the local kubeconfig file or in-cluster config.
 The path to the kubeconfig can be specified as a URI parameter, read from the `KUBECONFIG` environment variable or the provider will attempt to read `$HOME/.kube/config`.
 The Kubernetes context can be specified as a URI parameteter.
+If `?inCluster` is passed in the URI, ensure the pod running the `vals`command has the appropriate RBAC permissions to access the ConfigMap/Secret.
 
 Environment variables:
 
@@ -794,6 +817,7 @@ Examples:
 - `ref+k8s://v1/Secret/mynamespace/mysecret/foo`
 - `ref+k8s://v1/ConfigMap/mynamespace/myconfigmap/foo`
 - `ref+k8s://v1/Secret/mynamespace/mysecret/bar?kubeConfigPath=/home/user/kubeconfig`
+- `ref+k8s://v1/Secret/mynamespace/mysecret/foo?inCluster`
 - `secretref+k8s://v1/Secret/mynamespace/mysecret/baz`
 - `secretref+k8s://v1/Secret/mynamespace/mysecret/baz?kubeContext=minikube`
 
@@ -849,7 +873,7 @@ Example:
 
 
 ### Bitwarden
-This provider retrieves the secrets stored in Bitwarden. It uses the [Bitwarden Vault-Management API](https://bitwarden.com/help/vault-management-api/) that is included in the [Bitwarden CLI](https://github.com/bitwarden/clients) by executing `bw serve`. 
+This provider retrieves the secrets stored in Bitwarden. It uses the [Bitwarden Vault-Management API](https://bitwarden.com/help/vault-management-api/) that is included in the [Bitwarden CLI](https://github.com/bitwarden/clients) by executing `bw serve`.
 
 Environment variables:
 
@@ -872,7 +896,7 @@ Examples:
 
 This provider retrieves values stored in JSON hosted by a HTTP frontend.
 
-This provider is built on top of [jsonquery](https://pkg.go.dev/github.com/antchfx/jsonquery@v1.3.3) and [xpath](https://pkg.go.dev/github.com/antchfx/xpath@v1.2.3) packages.  
+This provider is built on top of [jsonquery](https://pkg.go.dev/github.com/antchfx/jsonquery@v1.3.3) and [xpath](https://pkg.go.dev/github.com/antchfx/xpath@v1.2.3) packages.
 
 Given the diverse array of JSON structures that can be encountered, utilizing jsonquery with XPath presents a more effective approach for handling this variability in data structures.
 
@@ -896,7 +920,7 @@ Let's say you want to fetch the below JSON object from https://api.github.com/us
         "name": "go-yaml"
     }
 ]
-``` 
+```
 ```
 # To get name="chartify" using https protocol you would use:
 ref+httpjson://api.github.com/users/helmfile/repos#///*[1]/name
@@ -919,7 +943,7 @@ Let's say you want to fetch the below JSON object from https://api.github.com/us
         "id": 251296379
     }
 ]
-``` 
+```
 ```
 # Running the following will return: 2.51296379e+08
 ref+httpjson://api.github.com/users/helmfile/repos#///*[1]/id
 
@@ -9,11 +9,11 @@ import (
 
 func TestExpandRegexpMatchInString(t *testing.T) {
 	testcases := []struct {
-		name     string
 		regex    *regexp.Regexp
-		only     []string
+		name     string
 		input    string
 		expected string
+		only     []string
 	}{
 		{
 			name:     "ref",
@@ -174,10 +174,10 @@ func TestExpandRegexpMatchInString(t *testing.T) {
 
 func TestExpandRegexpMatchInMap(t *testing.T) {
 	testcases := []struct {
-		name     string
 		regex    *regexp.Regexp
 		input    map[string]interface{}
 		expected map[string]interface{}
+		name     string
 	}{
 		{
 			name:     "string",
 
@@ -20,9 +20,9 @@ type bwData struct {
 }
 
 type bwResponse struct {
-	Success bool   `json:"success"`
-	Message string `json:"message"`
 	Data    bwData `json:"data"`
+	Message string `json:"message"`
+	Success bool   `json:"success"`
 }
 
 type provider struct {
 
@@ -12,10 +12,10 @@ import (
 
 func Test_New(t *testing.T) {
 	testsConfig := []struct {
-		name    string
 		options map[string]interface{}
 		envVars map[string]string
 		want    *provider
+		name    string
 	}{
 		{
 			name: "onlyConf",
 
@@ -14,15 +14,14 @@ import (
 )
 
 type provider struct {
-	log       *log.Logger
-	Proto     string
-	Host      string
-	Address   string
-	VerifyTLS bool
-
+	log                    *log.Logger
+	Proto                  string
+	Host                   string
+	Address                string
 	Token                  string
 	Project                string
 	Config                 string
+	VerifyTLS              bool
 	IncludeDopplerDefaults bool
 }
Original file line number	Diff line number	Diff line change
`@@ -20,9 +20,9 @@ type bwData struct {`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`type bwResponse struct {`
`23`		- Success bool `json:"success"`
`24`		- Message string `json:"message"`
`25`	`23`	Data bwData `json:"data"`
	`24`	+ Message string `json:"message"`
	`25`	+ Success bool `json:"success"`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`type provider struct {`