feat: enable secret types

api/v1/syncedsecret_types.go

@@ -16,6 +16,7 @@ limitations under the License.
 package v1
 
 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -80,6 +81,10 @@ type SyncedSecretSpec struct {
 	// DataFrom
 	// +optional
 	DataFrom *DataFrom `json:"dataFrom,omitempty"`
+
+	// Type
+	// +optional
+	Type corev1.SecretType `json:"type,omitempty"`
 }
 
 // SyncedSecretStatus defines the observed state of SyncedSecret

config/crd/bases/secrets.contentful.com_syncedsecrets.yaml

@@ -92,6 +92,9 @@ spec:
             secretMetadata:
               description: Secret Metadata
               type: object
+            type:
+              description: Type
+              type: string
           type: object
         status:
           description: SyncedSecretStatus defines the observed state of SyncedSecret

config/samples/secrets_v1_syncedsecret_specified_type.yaml

@@ -0,0 +1,16 @@
+apiVersion: secrets.contentful.com/v1
+kind: SyncedSecret
+metadata:
+  name: syncedsecret-sample-ks
+  namespace: kube-secret-syncer
+spec:
+  type: kubernetes.io/dockerconfigjson
+  secretMetadata:
+    name: demo-service-secret
+    namespace: kube-secret-syncer
+    annotations:
+      randomkey: randomval
+  data:
+    DB_NAME: database_name
+    DB_PASS: database_pass
+  secretid: secretsyncer/secret/sample

pkg/k8ssecret/secret.go

@@ -153,13 +153,18 @@ func GenerateK8SSecret(
 		}
 	}
 
+	secretType := corev1.SecretTypeOpaque
+	if cs.Spec.Type != "" {
+		secretType = cs.Spec.Type
+	}
+
 	secret := &corev1.Secret{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: "v1",
 			Kind:       "Secret",
 		},
 		ObjectMeta: secretMeta,
-		Type:       "Opaque",
+		Type:       secretType,
 		Data:       data,
 	}
 

pkg/k8ssecret/secret_test.go

@@ -161,6 +161,59 @@ func TestGenerateSecret(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "it should support fields with a hardcoded value for Secret Type",
+			have: have{
+				SyncedSecret: secretsv1.SyncedSecret{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "secret-name",
+						Namespace: "secret-namespace",
+					},
+					Spec: secretsv1.SyncedSecretSpec{
+						SecretMetadata: metav1.ObjectMeta{
+							Name:      "secret-name",
+							Namespace: "secret-namespace",
+							Annotations: map[string]string{
+								"randomkey": "random/string",
+							},
+						},
+						Data: []*secretsv1.SecretField{
+							{
+								Name:  _s("foo"),
+								Value: _s("bar"),
+							},
+							{
+								Name:  _s("field2"),
+								Value: _s("value2"),
+							},
+						},
+						IAMRole: _s("iam_role"),
+						Type:    "kubernetes.io/dockerconfigjson",
+					},
+				},
+				err:               nil,
+				cachedSecrets:     secretsmanager.Secrets{"cachedSecret1": {}, "cachedSecret2": {}},
+				secretValueGetter: mockgetSecretValue,
+			},
+			want: &corev1.Secret{
+				TypeMeta: metav1.TypeMeta{
+					Kind:       "Secret",
+					APIVersion: "v1",
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "secret-name",
+					Namespace: "secret-namespace",
+					Annotations: map[string]string{
+						"randomkey": "random/string",
+					},
+				},
+				Type: "kubernetes.io/dockerconfigjson",
+				Data: map[string][]byte{
+					"foo":    []byte("bar"),
+					"field2": []byte("value2"),
+				},
+			},
+		},
 		{
 			name: "it should support references to a single field in an AWS Secret",
 			have: have{