CHANGELOG.md

@@ -2,6 +2,17 @@
 
 All notable changes to this project are documented in this file.
 
+## 0.12.2
+
+**Release date:** 2021-06-02
+
+This prerelease comes with support for decrypting any file format used with
+[Kustomize `secretGenerator`](https://github.com/fluxcd/kustomize-controller/blob/v0.12.2/docs/spec/v1beta1/kustomization.md#kustomize-secretgenerator).
+
+Improvements:
+* Support decrypting any file format in secret generator
+  [#353](https://github.com/fluxcd/kustomize-controller/pull/353)
+
 ## 0.12.1
 
 **Release date:** 2021-05-26

Makefile

@@ -2,7 +2,7 @@
 IMG ?= fluxcd/kustomize-controller:latest
 # Produce CRDs that work back to Kubernetes 1.16
 CRD_OPTIONS ?= crd:crdVersions=v1
-SOURCE_VER ?= v0.13.0
+SOURCE_VER ?= v0.13.2
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))

config/default/kustomization.yaml

@@ -2,8 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kustomize-system
 resources:
-- https://github.com/fluxcd/source-controller/releases/download/v0.13.0/source-controller.crds.yaml
-- https://github.com/fluxcd/source-controller/releases/download/v0.13.0/source-controller.deployment.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.13.2/source-controller.crds.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.13.2/source-controller.deployment.yaml
 - ../crd
 - ../rbac
 - ../manager

config/manager/kustomization.yaml

@@ -5,4 +5,4 @@ resources:
 images:
   - name: fluxcd/kustomize-controller
     newName: fluxcd/kustomize-controller
-    newTag: v0.12.1
+    newTag: v0.12.2

controllers/kustomization_controller_sops_test.go

@@ -185,6 +185,10 @@ var _ = Describe("KustomizationReconciler", func() {
 			var daySecret corev1.Secret
 			Expect(k8sClient.Get(context.TODO(), types.NamespacedName{Name: "sops-day", Namespace: namespace.Name}, &daySecret)).To(Succeed())
 			Expect(string(daySecret.Data["secret"])).To(Equal("day=Tuesday\n"))
+
+			var encodedSecret corev1.Secret
+			Expect(k8sClient.Get(context.TODO(), types.NamespacedName{Name: "sops-month", Namespace: namespace.Name}, &encodedSecret)).To(Succeed())
+			Expect(string(encodedSecret.Data["month.yaml"])).To(Equal("month: May\n"))
 		})
 	})
 })

controllers/kustomization_decryptor.go

@@ -157,9 +157,9 @@ func (kd *KustomizeDecryptor) Decrypt(res *resource.Resource) (*resource.Resourc
 						return nil, fmt.Errorf("AES decrypt: %w", err)
 					}
 
-					binaryStore := common.StoreForFormat(formats.Binary)
+					outputStore := common.DefaultStoreForPath(key)
 
-					out, err := binaryStore.EmitPlainFile(tree.Branches)
+					out, err := outputStore.EmitPlainFile(tree.Branches)
 					if err != nil {
 						return nil, fmt.Errorf("EmitPlainFile: %w", err)
 					}

controllers/testdata/sops/.sops.yaml

@@ -4,6 +4,8 @@ creation_rules:
   - path_regex: \.age.yaml$
     encrypted_regex: ^(data|stringData)$
     age: age1l44xcng8dqj32nlv6d930qvvrny05hglzcv9qpc7kxjc6902ma4qufys29
+  - path_regex: month.yaml$
+    pgp: 35C1A64CD7FC0AB6EB66756B2445463C3234ECE1
   # fallback to PGP
   - encrypted_regex: ^(data|stringData)$
     pgp: 35C1A64CD7FC0AB6EB66756B2445463C3234ECE1

controllers/testdata/sops/month/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+secretGenerator:
+- name: sops-month
+  files:
+  - month.yaml
+generatorOptions:
+  disableNameSuffixHash: true

controllers/testdata/sops/month/month.yaml

@@ -0,0 +1,32 @@
+month: ENC[AES256_GCM,data:9e+R,iv:EzJxah6sCY2D9L76l/CuVq6qVq2ncJDYphm9gXE/ZgM=,tag:r82agynzHp/aOTVo6Iu9wg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2021-05-31T11:27:34Z"
+    mac: ENC[AES256_GCM,data:BV/jKqSzKr2sq/yA4HToFseOWOB04cYo+54Dby/Jp4ZuVwxNt1i02zncsvWyQZK5WFcvK47brvzN6fWJyyf5WnX+XISbuUDGMWjqNG/te3YKEY4ZqJUopDF/AxDZDkUC5KdnIln6RZqtHuJH18J35kakWFrg1YOJtI28ZVK5yBM=,iv:T6JJkYbfqpUz2AClToZtSsuVbUXcPD5nqaUhJJdH6Uc=,tag:jvmH8iyfivoGIt1k+Uodrg==,type:str]
+    pgp:
+        - created_at: "2021-05-31T11:27:34Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA90SOJihaAjLAQ/9HYs2HyaYL9dOj8zIAr3JzqEFHlMX59Vw8kj9KxBQJXYQ
+            N3mE/HHQVBWk/36Pq/14n0Eals8GwivDDiJmovfeRASmb0/LnGQDzMkDGEJvyu7N
+            Q69rBjzVWbmMPgI0vQb0zTBRcUW+LnSijkv+H5mxuFnnZd8N3UeFLHX2oKNeA7O3
+            pYjjK8vr6KaXJqYfH+bFs29cnk0+xZiThr21cz40yFZD7ynns4xjdVtqI5bvGk/F
+            bDW7oGgJe+q/9OHKJaVESLrcZMe2lLxA7x821ssq6BlNzv9DHTc7PloVNepsze6d
+            MBTgzAZoH04ENQSiL9qo24AVGaFhUXak7MslxE8nhjFJD6sfb0Q/LtlhOSpDw7NR
+            gugPzQuQLGN9U54id0bql8CBi58g0wdxjo6kDlMYTEd9CZbugfM1pR1imknlgPLi
+            7ODDrWTTxnZm4+hZRj7EjMGlRshavPgZ/rgT1tTnjNw9c+llgCWW8Ei8JOEvA86M
+            DwsPzodesMO56yf3MJPAgakCapTH9VMad+E63yUMsNAX6+otrjgssvxg3j8KnjPp
+            Z7593P7RGYrRR+YwEi5nTHmDL1H80vP6pNnBGd7wLa3TLzypkDiZSKY6vq6vSIwd
+            QOpLX3VC2X53mtWmNm7oWxKLX3hKPrjTqBYE0EDK7Yc0q8rj++ygntOekI+WSm/S
+            XAG4Ufue6i2MTvnZmK/Byt+E/zT4jRmjRQImGekHB+rLYfM3Z85i6ExH4OCCWNqC
+            rg4DqrWTS8Nvt2PE5UC3Phqe51D4/ZrQPVPkFQftgQl44xECv4X8rI7RTux6
+            =HE0m
+            -----END PGP MESSAGE-----
+          fp: 35C1A64CD7FC0AB6EB66756B2445463C3234ECE1
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1

go.mod

@@ -9,13 +9,13 @@ require (
 	github.com/Microsoft/go-winio v0.4.16 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.2
 	github.com/drone/envsubst v1.0.3-0.20200804185402-58bc65f69603
-	github.com/fluxcd/kustomize-controller/api v0.12.1
+	github.com/fluxcd/kustomize-controller/api v0.12.2
 	github.com/fluxcd/pkg/apis/kustomize v0.0.1
 	github.com/fluxcd/pkg/apis/meta v0.9.0
 	github.com/fluxcd/pkg/runtime v0.11.0
 	github.com/fluxcd/pkg/testserver v0.0.2
 	github.com/fluxcd/pkg/untar v0.0.5
-	github.com/fluxcd/source-controller/api v0.13.0
+	github.com/fluxcd/source-controller/api v0.13.2
 	github.com/go-logr/logr v0.3.0
 	github.com/hashicorp/go-retryablehttp v0.6.8
 	github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c

go.sum

@@ -204,8 +204,8 @@ github.com/fluxcd/pkg/testserver v0.0.2 h1:SoaMtO9cE5p/wl2zkGudzflnEHd9mk68CGjZO
 github.com/fluxcd/pkg/testserver v0.0.2/go.mod h1:pgUZTh9aQ44FSTQo+5NFlh7YMbUfdz1B80DalW7k96Y=
 github.com/fluxcd/pkg/untar v0.0.5 h1:UGI3Ch1UIEIaqQvMicmImL1s9npQa64DJ/ozqHKB7gk=
 github.com/fluxcd/pkg/untar v0.0.5/go.mod h1:O6V9+rtl8c1mHBafgqFlJN6zkF1HS5SSYn7RpQJ/nfw=
-github.com/fluxcd/source-controller/api v0.13.0 h1:p7SWHPpxco1EsGu2jnF0aCZcQcl4IYQzjcXf4K5GpcY=
-github.com/fluxcd/source-controller/api v0.13.0/go.mod h1:+EPyhxC7Y+hUnq7EwAkkLtfbwCxJxF5yfmiyzDk43KY=
+github.com/fluxcd/source-controller/api v0.13.2 h1:LdWeapRXal3FmxTKEMh6wshg7u8Z3V3IDiB8TOPwM9o=
+github.com/fluxcd/source-controller/api v0.13.2/go.mod h1:+EPyhxC7Y+hUnq7EwAkkLtfbwCxJxF5yfmiyzDk43KY=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=