garethr / garethr-kubernetes

Puppet types and provider for managing Pods, ReplicationControllers, Services and more in Kubernetes
http://garethr.github.io/garethr-kubernetes
Apache License 2.0

Retrieving a file and adding it via a secrets resource is difficult #44

Open MikaelSmith opened 6 years ago

MikaelSmith commented 6 years ago

I want to do something like

```puppet
kubernetes_secret { $secret_name:
  ensure   => present,
  data     => {
    'credentials.json' => base64('encode', file($credential_path), 'strict'),
  },
  metadata => {
    'name'      => $secret_name,
    'namespace' => $namespace,
  },
}
```

However, I'm using google-cloud modules to create the credentials.json file like

```puppet
# Writes the service account key to $credential_path when the catalog is applied
giam_service_account_key { "${account_name}_key":
  ensure           => present,
  service_account  => $account_name,
  path             => $credential_path,
  key_algorithm    => 'KEY_ALG_RSA_2048',
  private_key_type => 'TYPE_GOOGLE_CREDENTIALS_FILE',
  project          => $gcloud_project,
  credential       => $label,
}
```

Meaning I can't apply the google-cloud resource in the same run as kubernetes_secret, because it will try to read the credential file during compilation, but create it as a resource during application.

This would be easier if the kubernetes_secret implementation was extended to allow referring to a file, and have the provider handle reading the file and base64 encoding it.

MikaelSmith commented 5 years ago

I think I might be able to accomplish this with Puppet's deferred feature now.
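The Deferred approach mentioned in the last comment, as an added example that is not from the issue or from the module's own code: the file read and base64 encoding move from compilation to the agent, so the compiled catalog carries the function call rather than the key material. It assumes a Puppet 6 or later agent, that the built-in `file()` and stdlib `base64()` functions are callable on the agent, that the `kubernetes_secret` provider accepts the resolved value inside its `data` hash, and it reuses the variables from the snippets above.

```puppet
# Added example: resolve the credential on the agent, not on the compiling server.
# Nested Deferred values are resolved inside-out: file() runs first, then base64().
$encoded_key = Deferred('base64', [
  'encode',
  Deferred('file', [$credential_path]),
  'strict',
])

kubernetes_secret { $secret_name:
  ensure   => present,
  data     => {
    'credentials.json' => $encoded_key,
  },
  metadata => {
    'name'      => $secret_name,
    'namespace' => $namespace,
  },
  # The key file must exist before the deferred read happens.
  require  => Giam_service_account_key["${account_name}_key"],
}
```

The `require` only helps when deferred calls are evaluated lazily, which is controlled by the agent setting `preprocess_deferred` (set it to `false`, the default in Puppet 8). With eager preprocessing, every Deferred value is resolved before any resource is applied, so the file still has to exist from a previous run.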