diff --git a/api/v1/syncedsecret_types.go b/api/v1/syncedsecret_types.go index 8073ca5..dc0fcc3 100644 --- a/api/v1/syncedsecret_types.go +++ b/api/v1/syncedsecret_types.go @@ -16,6 +16,7 @@ limitations under the License. package v1 import ( + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -80,6 +81,10 @@ type SyncedSecretSpec struct { // DataFrom // +optional DataFrom *DataFrom `json:"dataFrom,omitempty"` + + // Type + // +optional + Type corev1.SecretType `json:"type,omitempty"` } // SyncedSecretStatus defines the observed state of SyncedSecret diff --git a/config/crd/bases/secrets.contentful.com_syncedsecrets.yaml b/config/crd/bases/secrets.contentful.com_syncedsecrets.yaml index 4b046af..c3b7f4c 100644 --- a/config/crd/bases/secrets.contentful.com_syncedsecrets.yaml +++ b/config/crd/bases/secrets.contentful.com_syncedsecrets.yaml @@ -92,6 +92,9 @@ spec: secretMetadata: description: Secret Metadata type: object + type: + description: Type + type: string type: object status: description: SyncedSecretStatus defines the observed state of SyncedSecret diff --git a/config/samples/secrets_v1_syncedsecret_specified_type.yaml b/config/samples/secrets_v1_syncedsecret_specified_type.yaml new file mode 100644 index 0000000..17484f2 --- /dev/null +++ b/config/samples/secrets_v1_syncedsecret_specified_type.yaml @@ -0,0 +1,16 @@ +apiVersion: secrets.contentful.com/v1 +kind: SyncedSecret +metadata: + name: syncedsecret-sample-ks + namespace: kube-secret-syncer +spec: + type: kubernetes.io/dockerconfigjson + secretMetadata: + name: demo-service-secret + namespace: kube-secret-syncer + annotations: + randomkey: randomval + data: + DB_NAME: database_name + DB_PASS: database_pass + secretid: secretsyncer/secret/sample diff --git a/pkg/k8ssecret/secret.go b/pkg/k8ssecret/secret.go index 9814def..5df43b1 100644 --- a/pkg/k8ssecret/secret.go +++ b/pkg/k8ssecret/secret.go 
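Review bot: The new `Type` field on `SyncedSecretSpec` (api/v1/syncedsecret_types.go) accepts any string, and nothing in this diff restricts it. A SyncedSecret author can therefore have the controller create Secrets of types the cluster treats specially, such as `kubernetes.io/service-account-token`, with annotations taken from `secretMetadata`. If SyncedSecret authors are less trusted than the controller (not visible here), consider constraining the field with a marker such as `// +kubebuilder:validation:Enum=Opaque;kubernetes.io/dockerconfigjson;kubernetes.io/tls` and regenerating the CRD. The doc comment `// Type` also carries no information; `// Type is the type of the generated Secret; it defaults to Opaque when empty.` would flow through to the CRD description.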
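Review bot: The sample config/samples/secrets_v1_syncedsecret_specified_type.yaml sets `type: kubernetes.io/dockerconfigjson`, but its data keys appear to be `DB_NAME` and `DB_PASS`. The API server requires a `.dockerconfigjson` key for that type, so the generated Secret would be rejected on create. Either map a single `.dockerconfigjson` field in the sample or use a type that has no required keys. The new case in pkg/k8ssecret/secret_test.go pairs the same type with `foo`/`field2`; it passes only because it compares the generated object, and a type-appropriate key would make the fixture mirror a valid Secret.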
@@ -153,13 +153,18 @@ func GenerateK8SSecret( } } + secretType := corev1.SecretTypeOpaque + if cs.Spec.Type != "" { + secretType = cs.Spec.Type + } + secret := &corev1.Secret{ TypeMeta: metav1.TypeMeta{ APIVersion: "v1", Kind: "Secret", }, ObjectMeta: secretMeta, - Type: "Opaque", + Type: secretType, Data: data, } diff --git a/pkg/k8ssecret/secret_test.go b/pkg/k8ssecret/secret_test.go index 55e11a2..0094077 100644 --- a/pkg/k8ssecret/secret_test.go +++ b/pkg/k8ssecret/secret_test.go @@ -161,6 +161,59 @@ func TestGenerateSecret(t *testing.T) { }, }, }, + { + name: "it should support fields with a hardcoded value for Secret Type", + have: have{ + SyncedSecret: secretsv1.SyncedSecret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "secret-name", + Namespace: "secret-namespace", + }, + Spec: secretsv1.SyncedSecretSpec{ + SecretMetadata: metav1.ObjectMeta{ + Name: "secret-name", + Namespace: "secret-namespace", + Annotations: map[string]string{ + "randomkey": "random/string", + }, + }, + Data: []*secretsv1.SecretField{ + { + Name: _s("foo"), + Value: _s("bar"), + }, + { + Name: _s("field2"), + Value: _s("value2"), + }, + }, + IAMRole: _s("iam_role"), + Type: "kubernetes.io/dockerconfigjson", + }, + }, + err: nil, + cachedSecrets: secretsmanager.Secrets{"cachedSecret1": {}, "cachedSecret2": {}}, + secretValueGetter: mockgetSecretValue, + }, + want: &corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "secret-name", + Namespace: "secret-namespace", + Annotations: map[string]string{ + "randomkey": "random/string", + }, + }, + Type: "kubernetes.io/dockerconfigjson", + Data: map[string][]byte{ + "foo": []byte("bar"), + "field2": []byte("value2"), + }, + }, + }, { name: "it should support references to a single field in an AWS Secret", have: have{
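Review bot: A Secret's `type` is immutable once the object exists, and `GenerateK8SSecret` (pkg/k8ssecret/secret.go) now takes `secretType` from `cs.Spec.Type`. Adding or editing `spec.type` on a SyncedSecret whose Secret was already created will therefore produce an object the API server refuses to update. The reconcile path is outside this hunk, so it is not visible whether a type mismatch triggers delete-and-recreate; if it does not, the sync will presumably fail on every reconcile until the Secret is removed. Handle the mismatch in the caller, or at least state the constraint on the field, e.g. `// Changing Type after the Secret exists requires recreating the Secret.`. The body of GenerateK8SSecret starts and ends outside the hunk.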