fix: reverting #63 binaryData change for now to fix reconciliation lo…

…op (#66)
isindir · Apr 29, 2021 · 6f57f2e · 6f57f2e
1 parent e1d0900
commit 6f57f2e
Show file tree

Hide file tree

Showing 13 changed files with 75 additions and 97 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -306,7 +306,7 @@ jobs:
             export SECRETS_NUMBER=$( kubectl get secrets --namespace sops \
               | awk '$0!~/default-token/ && $0!~/NAME/ { print $1; }' \
               | wc -l )
-            if [[ $SECRETS_NUMBER -ne 6 ]]; then
+            if [[ $SECRETS_NUMBER -ne 4 ]]; then
               echo "Expected number of secrets in sops namespace is 4 - Failed"
               tail -40 nohup.out
               exit 1

diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 SHELL := /bin/bash
 GO := GO15VENDOREXPERIMENT=1 GO111MODULE=on GOPROXY=https://proxy.golang.org go
-SOPS_SEC_OPERATOR_VERSION := 0.1.16
+SOPS_SEC_OPERATOR_VERSION := 0.1.17
 
 # https://github.com/kubernetes-sigs/controller-tools/releases
 CONTROLLER_TOOLS_VERSION := "v0.3.0"

diff --git a/README.md b/README.md
@@ -162,15 +162,6 @@ spec:
     - name: some-token
       data:
         token: Wb4ziZdELkdUf6m6KtNd7iRjjQRvSeJno5meH4NAGHFmpqJyEsekZ2WjX232s4Gj
-    - name: secret-with-base64-encoded-binary-data
-      binaryData:
-        datakey: c29tZSBiaW5hcnkgZGF0YQ==
-        example: YW5vdGhlciBleGFtcGxlIG9mIGJpbmFyeSBkYXRh
-    - name: secret-with-mixed-data
-      data:
-        textdata: example data
-      binaryData:
-        bindata: YW5vdGhlciBleGFtcGxlIG9mIGJpbmFyeSBkYXRh
     - name: docker-login
       type: 'kubernetes.io/dockerconfigjson'
       data:

diff --git a/api/v1alpha2/sopssecret_types.go b/api/v1alpha2/sopssecret_types.go
@@ -29,12 +29,7 @@ type SopsSecretTemplate struct {
 
 	// Data map to use in Kubernetes secret (equivalent to Kubernetes Secret object stringData, please see for more
 	// information: https://kubernetes.io/docs/concepts/configuration/secret/#overview-of-secrets)
-	// +optional
-	Data map[string]string `json:"data,omitempty"`
-
-	// BinaryData is base64 data map to use in Kubernetes secret
-	// +optional
-	BinaryData map[string]string `json:"binaryData,omitempty"`
+	Data map[string]string `json:"data"`
 }
 
 // SopsSecretSpec defines the desired state of SopsSecret

diff --git a/api/v1alpha2/zz_generated.deepcopy.go b/api/v1alpha2/zz_generated.deepcopy.go
diff --git a/chart/helm3/sops-secrets-operator/Chart.yaml b/chart/helm3/sops-secrets-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-version: 0.7.5
-appVersion: 0.1.16
+version: 0.7.6
+appVersion: 0.1.17
 type: application
 description: sops secrets operator
 name: sops-secrets-operator

diff --git a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml
@@ -30,8 +30,8 @@ tests:
             app.kubernetes.io/instance: sops
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: sops-secrets-operator
-            app.kubernetes.io/version: 0.1.16
-            helm.sh/chart: sops-secrets-operator-0.7.5
+            app.kubernetes.io/version: 0.1.17
+            helm.sh/chart: sops-secrets-operator-0.7.6
 
   # template metadata and spec selector
   - it: should correctly render template metadata and spec selector
@@ -140,7 +140,7 @@ tests:
     asserts:
       - equal:
           path: spec.template.spec.containers[0].image
-          value: isindir/sops-secrets-operator:0.1.16
+          value: isindir/sops-secrets-operator:0.1.17
       - equal:
           path: spec.template.spec.containers[0].imagePullPolicy
           value: Always

diff --git a/chart/helm3/sops-secrets-operator/values.yaml b/chart/helm3/sops-secrets-operator/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1  # Deployment replica count  - should not be modified
 
 image:
   repository: isindir/sops-secrets-operator  # Operator image
-  tag: 0.1.16  # Operator image tag
+  tag: 0.1.17  # Operator image tag
   pullPolicy: Always  # Operator image pull policy
 
 imagePullSecrets: []  # Secrets to pull image from private docker repository

diff --git a/config/crd/bases/isindir.github.com_sopssecrets.yaml b/config/crd/bases/isindir.github.com_sopssecrets.yaml
@@ -174,12 +174,6 @@ spec:
                         type: string
                       description: Annotations to apply to Kubernetes secret
                       type: object
-                    binaryData:
-                      additionalProperties:
-                        type: string
-                      description: BinaryData is base64 data map to use in Kubernetes
-                        secret
-                      type: object
                     data:
                       additionalProperties:
                         type: string
@@ -202,6 +196,7 @@ spec:
                         kubernetes.io/ssh-auth, kubernetes.io/tls, bootstrap.kubernetes.io/token'
                       type: string
                   required:
+                  - data
                   - name
                   type: object
                 minItems: 1

diff --git a/config/samples/isindir_v1alpha2_sopssecret.yaml b/config/samples/isindir_v1alpha2_sopssecret.yaml
@@ -24,15 +24,6 @@ spec:
       data:
         data-name0: data-value0
         data-nameL: data-valueL
-    - name: secret-with-base64-encoded-binary-data
-      binaryData:
-        datakey: c29tZSBiaW5hcnkgZGF0YQ==
-        example: YW5vdGhlciBleGFtcGxlIG9mIGJpbmFyeSBkYXRh
-    - name: secret-with-mixed-data
-      data:
-        textdata: example data
-      binaryData:
-        bindata: YW5vdGhlciBleGFtcGxlIG9mIGJpbmFyeSBkYXRh
     - name: jenkins-secret
       labels:
         "jenkins.io/credentials-type": "usernamePassword"

diff --git a/controllers/sopssecret_controller.go b/controllers/sopssecret_controller.go
@@ -2,7 +2,6 @@ package controllers
 
 import (
 	"context"
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -175,7 +174,8 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error)
 		origSecret := foundSecret
 		foundSecret = foundSecret.DeepCopy()
 
-		foundSecret.Data = newSecret.Data
+		foundSecret.StringData = newSecret.StringData
+		foundSecret.Data = map[string][]byte{}
 		foundSecret.Type = newSecret.Type
 		foundSecret.ObjectMeta.Annotations = newSecret.ObjectMeta.Annotations
 		foundSecret.ObjectMeta.Labels = newSecret.ObjectMeta.Labels
@@ -257,16 +257,9 @@ func newSecretForCR(
 	}
 
 	// Construct Data for the secret
-	data := make(map[string][]byte)
-	for key, value := range secretTpl.BinaryData {
-		decoded, err := base64.StdEncoding.DecodeString(value)
-		if err != nil {
-			return nil, fmt.Errorf("newSecretForCR(): binaryData[%v] is not a valid base64 string", key)
-		}
-		data[key] = decoded
-	}
+	data := make(map[string]string)
 	for key, value := range secretTpl.Data {
-		data[key] = []byte(value)
+		data[key] = value
 	}
 
 	if secretTpl.Name == "" {
@@ -297,8 +290,8 @@ func newSecretForCR(
 			Labels:      labels,
 			Annotations: annotations,
 		},
-		Type: kubeSecretType,
-		Data: data,
+		Type:       kubeSecretType,
+		StringData: data,
 	}
 	return secret, nil
 }