fix: secret parsing

Lasserich · Lasserich · commit 2469c48bd631 · 2025-09-08T10:15:42.000+02:00
diff --git a/generate-yaml-rp-env.sh b/generate-yaml-rp-env.sh
@@ -34,15 +34,17 @@ process_file() {
             if [[ -n "$env_value" ]]; then
                 # Special handling for CIS_CREDENTIAL or similar JSON structures
                 if [[ "$var_name" == "CIS_CREDENTIAL" ]] || [[ "$var_name" == "CIS_CENTRAL_BINDING" ]]; then
-                    # Validate and format CIS credential JSON
-                    if ! echo "$env_value" | jq empty 2>/dev/null; then
+                    # First escape any literal newlines and other control characters for proper JSON parsing
+                    escaped_json=$(printf '%s' "$env_value" | sed ':a;N;$!ba;s/\n/\\n/g' | sed 's/\r/\\r/g' | sed 's/\t/\\t/g')
+                    
+                    # Validate the escaped JSON
+                    if ! echo "$escaped_json" | jq empty 2>/dev/null; then
                         echo "Error: $var_name contains invalid JSON"
-                        exit 1
+                        exit 1‚
                     fi
                     
-                    # Clean JSON and properly escape for parsing
-                    # NOTE: Because the certificate contains \n characters, which are escaped by jq, we need to remove \\n manually from the string
-                    clean_value=$(echo "$env_value" | jq . | sed 's/\\\\n//g')
+                    # Process with jq and then clean up the escaped newlines
+                    clean_value=$(echo "$escaped_json" | jq -c . | sed 's/\\n//g')
                     line="${line//INJECT_ENV.${var_name}/${clean_value}}"
                 else
                     # For non-JSON variables, use direct substitution
diff --git a/providers/provider-btp/v1.0.3/setup/config.yaml b/providers/provider-btp/v1.0.3/setup/config.yaml
@@ -12,16 +12,6 @@ stringData:
           "password": "INJECT_ENV.TECHNICAL_USER_PASSWORD"
         }
 ---
-apiVersion: v1
-kind: Secret
-metadata:
-    namespace: default
-    name: cis-provider-secret
-type: Opaque
-stringData:
-    data: | 
-        INJECT_ENV.CIS_CENTRAL_BINDING
----
 apiVersion: btp.sap.crossplane.io/v1alpha1
 kind: ProviderConfig
 metadata:
@@ -41,3 +31,13 @@ spec:
             name: sa-provider-secret
             namespace: default
         source: Secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+    namespace: default
+    name: cis-provider-secret
+type: Opaque
+stringData:
+    data: | 
+        INJECT_ENV.CIS_CENTRAL_BINDING
