viaduct-ai / kustomize-sops

KSOPS - A Flexible Kustomize Plugin for SOPS Encrypted Resources
Apache License 2.0

Using files together with secretFrom generates invalid yaml #221

Closed christoffer-eide closed 5 months ago

christoffer-eide commented 7 months ago

If files are used together with secretFrom, the generated yaml is invalid

```yaml
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: ksops-multiple-generator
files:
  - ./secret-A.enc.yaml
  - ./secret-B.enc.yaml
  - ./secret-C.enc.yaml
secretFrom:
  - metadata:
      name: mysecret
    type: Opaque
    binaryFiles:
      - ./secret.enc.yaml
```

```
$ kustomize build --enable-alpha-plugins
Error: map[string]interface {}(nil): yaml: unmarshal errors:
  line 11: mapping key "apiVersion" already defined at line 1
  line 12: mapping key "data" already defined at line 2
  line 14: mapping key "kind" already defined at line 5
  line 15: mapping key "metadata" already defined at line 6
  line 17: mapping key "type" already defined at line 10
```

The reason is that a document separator (---) is missing:

```yaml
kind: Secret
metadata:
    name: mysecret-C
stringData:
    application: kustomize-sops
type: Opaque
apiVersion: v1
data:
  secret.enc.yaml: dXNlcm5hbWU6IGFkbWluCnBhc3N3b3JkOiAxZjJkMWUyZTY3ZGYK
kind: Secret
metadata:
  name: mysecret
type: Opaque
```

I have worked around this by creating two generator files, one with only files and one with only secretFrom.
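Added example, not part of the original issue and not code from the KSOPS code base: a Go sketch of the failure described above, showing that two rendered Secrets concatenated without `---` repeat top-level keys inside one document, and that joining them with a separator does not. `joinDocs`, `duplicateTopLevelKeys` and both sample manifests are hypothetical and constructed for illustration; the check is a line-based scan of column-0 keys, not a full YAML parser.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed samples of the two generator outputs (not captured from a real KSOPS run).
const filesOut = `apiVersion: v1
kind: Secret
metadata:
    name: mysecret-C
type: Opaque`
const secretFromOut = `apiVersion: v1
data:
  secret.enc.yaml: Y29uc3RydWN0ZWQ=
kind: Secret
metadata:
  name: mysecret
type: Opaque`

// joinDocs (hypothetical helper) emits one YAML stream with "---" between documents.
func joinDocs(docs ...string) string {
	for i, d := range docs {
		docs[i] = strings.TrimSpace(d)
	}
	return strings.Join(docs, "\n---\n") + "\n"
}

// duplicateTopLevelKeys lists column-0 keys repeated within a single document of the stream.
func duplicateTopLevelKeys(stream string) (dups []string) {
	seen := map[string]bool{}
	for _, line := range strings.Split(stream, "\n") {
		key, _, ok := strings.Cut(line, ":")
		switch {
		case strings.TrimSpace(line) == "---":
			seen = map[string]bool{} // new document, fresh key space
		case !ok || key == "" || strings.ContainsAny(key[:1], " \t#-"): // nested line, comment or list item
		case seen[key]:
			dups = append(dups, key)
		default:
			seen[key] = true
		}
	}
	return dups
}

func main() {
	fmt.Println(duplicateTopLevelKeys(filesOut+"\n"+secretFromOut), duplicateTopLevelKeys(joinDocs(filesOut, secretFromOut)))
}
```

Running the same scan over `kustomize build` output in CI flags a merged Secret before it reaches `kubectl apply`.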