From 443c96a788baeb6fd76c57b30b568c6f3acad46e Mon Sep 17 00:00:00 2001
From: Yuriy Vlasov
Date: Fri, 8 Nov 2024 14:25:58 +0200
Subject: [PATCH 1/2] Fixed decryption in components.

Signed-off-by: Yuriy
---
 internal/decryptor/decryptor.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/internal/decryptor/decryptor.go b/internal/decryptor/decryptor.go
index 48f7823f..cd24c06c 100644
--- a/internal/decryptor/decryptor.go
+++ b/internal/decryptor/decryptor.go
@@ -697,9 +697,13 @@ func recurseKustomizationFiles(root, path string, visit visitKustomization, visi
 return err
 }
 
+ // Components may contain resources as well, ...
+ // ...so we have to process both .resources and .components values
+ resources := append(kus.Resources, kus.Components...)
+
 // Recurse over other resources in Kustomization,
 // repeating the above logic per item
- for _, res := range kus.Resources {
+ for _, res := range resources {
 if !filepath.IsAbs(res) {
 res = filepath.Join(path, res)
 }

From 681573b3e6e01c52499bf48841956de450a5ffa6 Mon Sep 17 00:00:00 2001
From: Yuriy
Date: Sun, 10 Nov 2024 20:47:59 +0200
Subject: [PATCH 2/2] Added sops encryped .env in component test data

Signed-off-by: Yuriy
---
 internal/controller/kustomization_decryptor_test.go | 4 ++++
 .../test-dotenv/overlays/component/kustomization.yaml | 8 ++++++++
 .../testdata/test-dotenv/overlays/component/year3.env | 7 +++++++
 .../testdata/test-dotenv/overlays/kustomization.yaml | 2 ++
 4 files changed, 21 insertions(+)
 create mode 100644 internal/controller/testdata/test-dotenv/overlays/component/kustomization.yaml
 create mode 100644 internal/controller/testdata/test-dotenv/overlays/component/year3.env

diff --git a/internal/controller/kustomization_decryptor_test.go b/internal/controller/kustomization_decryptor_test.go
index 81fec3ce..253bf729 100644
--- a/internal/controller/kustomization_decryptor_test.go
+++ b/internal/controller/kustomization_decryptor_test.go
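Review bot: `resources := append(kus.Resources, kus.Components...)` appends onto `kus.Resources` itself, so when that slice has spare capacity the component entries are written into its backing array rather than into a new list; building a fresh slice avoids the aliasing, e.g. `resources := append(append([]string(nil), kus.Resources...), kus.Components...)`. Component entries now go through the same `filepath.IsAbs`/`filepath.Join` handling as resources and will be visited for decryption, so any confinement to `root` that the rest of the loop applies should be confirmed to cover them as well. The loop body and the rest of `recurseKustomizationFiles` lie outside the hunk, so that part cannot be checked from here.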
@@ -200,6 +200,10 @@ func TestKustomizationReconciler_Decryptor(t *testing.T) {
 g.Expect(k8sClient.Get(context.TODO(), types.NamespacedName{Name: "sops-year2", Namespace: id}, &year2Secret)).To(Succeed())
 g.Expect(string(year2Secret.Data["year"])).To(Equal("year2"))
 
+ var year3Secret corev1.Secret
+ g.Expect(k8sClient.Get(context.TODO(), types.NamespacedName{Name: "sops-year3", Namespace: id}, &year3Secret)).To(Succeed())
+ g.Expect(string(year3Secret.Data["year"])).To(Equal("year3"))
+
 var encodedSecret corev1.Secret
 g.Expect(k8sClient.Get(context.TODO(), types.NamespacedName{Name: "sops-month", Namespace: id}, &encodedSecret)).To(Succeed())
 g.Expect(string(encodedSecret.Data["month.yaml"])).To(Equal("month: May\n"))
diff --git a/internal/controller/testdata/test-dotenv/overlays/component/kustomization.yaml b/internal/controller/testdata/test-dotenv/overlays/component/kustomization.yaml
new file mode 100644
index 00000000..78520877
--- /dev/null
+++ b/internal/controller/testdata/test-dotenv/overlays/component/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+secretGenerator:
+ - name: sops-year3
+ envs:
+ - year3.env
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/internal/controller/testdata/test-dotenv/overlays/component/year3.env b/internal/controller/testdata/test-dotenv/overlays/component/year3.env
new file mode 100644
index 00000000..5e675cb8
--- /dev/null
+++ b/internal/controller/testdata/test-dotenv/overlays/component/year3.env
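Review bot: The added `sops-year3` assertions in `TestKustomizationReconciler_Decryptor` cover only a component whose `secretGenerator` reads an encrypted dotenv file; a component that itself lists encrypted manifests under `resources:` or pulls in a nested component is not exercised, although that appears to be the case the decryptor change targets. A second fixture along those lines, with a matching `g.Expect(...)` on the decrypted value, would pin the recursion rather than just the dotenv path. The test function starts and ends outside the hunk.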
@@ -0,0 +1,7 @@
+year=ENC[AES256_GCM,data:c+S7GjA=,iv:bcYeALfyGDWlXi5UqOFVC2tCdex5MXaJKxn6awDIfAI=,tag:UQepDih41dSSUiebFYNxiw==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4L01FcTR6dVpPR1JpNldW\nSURuaHBEZ3RrY1hpS1Mxam10VEhVSE85RG5NClFTZHEvQzBnbjVHK3VydEIxVkZE\ncEI0a1hVMmtVSXZjNU5VQXBVV2RIS0UKLS0tIEZlUndyWEVZZUl1bHI0a3JwS2M1\nQnNNcFZxaTNzWlZoSFRpdWd2QUJjNGcKzEaQDRjvnFPkwCXL6K5s5guI5xP0urcD\nfeYHuyAS9Td0l/5fTyDlLv6jFJ09QS1ob0OL0GAvknwjbRlbaWjrAA==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1l44xcng8dqj32nlv6d930qvvrny05hglzcv9qpc7kxjc6902ma4qufys29
+sops_lastmodified=2024-11-10T18:49:59Z
+sops_mac=ENC[AES256_GCM,data:jeyF+D6Y5tGtcaxWfK65PlbjZLicI1lFi0uEcEq2fLVv9vPCpSO/iAfGGOqQiMPbndAV7FdqeFCSXC4gmf27gysR3FvHnYrbLZDO+fZm5K6Fk2IReSCZIHLxVGUlC9E5z1NFfPjJdD3fMM5I6sT7Cpn6xCg/rHavmfOEwW2dU94=,iv:kgxhX2NhFEmgfbOD7FpiXI+WXXZrpzf7R8r1RMSPPjs=,tag:aHge+qF1wsAszeTL25HtBw==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.9.0
diff --git a/internal/controller/testdata/test-dotenv/overlays/kustomization.yaml b/internal/controller/testdata/test-dotenv/overlays/kustomization.yaml
index fae4d26e..cf4cfa33 100644
--- a/internal/controller/testdata/test-dotenv/overlays/kustomization.yaml
+++ b/internal/controller/testdata/test-dotenv/overlays/kustomization.yaml
@@ -8,3 +8,5 @@ secretGenerator:
 - year1.env
 generatorOptions:
 disableNameSuffixHash: true
+components:
+ - component