Allow secret generation from literals (currently silently ignored) #189

Open
blinkeye opened this issue May 24, 2023 · 2 comments · May be fixed by #236
Labels
kind:bug Something isn't working


@blinkeye
Contributor

Literals are not supported, even though 64a42f29db suggests it.

Example script which creates two secrets from a literal, once a regular secret and once a ksops secret:

```bash
#!/usr/bin/env bash

# note: tested with .sops.yaml
# creation_rules:
#   # default rule
#   - age: "age..."
#     unencrypted_regex: "^(apiVersion|metadata|kind|type)$"

# Work in a throwaway directory
DEMO=$(mktemp -d)
MYAPP="$DEMO/myapp"
mkdir -p "$MYAPP"
cd "$MYAPP"

# Kustomization with a built-in secretGenerator and the ksops generator
cat <<EOF >kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: my-namespace

generators:
  - secret-generator.yaml

secretGenerator:
  - name: my-credentials-pristine
    literals:
      - MY_SECRET=org.org.my-topic

EOF

cat <<EOF >secret-generator.yaml
# Create a local Kubernetes Secret
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: secret-generator
  annotations:
    config.kubernetes.io/function: |
        exec:
          path: ksops
secretFrom:
- metadata:
    name: my-credentials-ksops
    annotations:
      kustomize.config.k8s.io/needs-hash: "true"
  literals:
    - MY_SECRET=org.my-topic

EOF

kustomize build --load-restrictor LoadRestrictionsNone --enable-alpha-plugins --enable-exec .
echo "dir: $MYAPP"
```

What you get is:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: my-credentials-ksops-486hdm6545
  namespace: my-namespace
stringData: {} # missing secret
---
apiVersion: v1
data:
  MY_SECRET: b3JnLm9yZy5teS10b3BpYw==
kind: Secret
metadata:
  name: my-credentials-pristine-ckfm5fgd6m
  namespace: my-namespace
type: Opaque
```

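
A check for the failure mode reported above, as an added example that is not part of the original issue or of the ksops project: it reads rendered manifests on stdin and prints the name of every Secret whose `data` and `stringData` carry no keys. The function names `find_empty_secrets` and `sample_manifests` are hypothetical, and the line-based parser assumes kustomize-style block YAML (top-level keys at column 0, `metadata.name` indented by two spaces).

```shell
#!/usr/bin/env bash
# Added example: list Secrets in rendered manifests that carry no keys.
# Assumes kustomize-style block YAML on stdin, documents split by ---.

find_empty_secrets() {
  awk '
    function report() {
      # Flag a Secret only when neither data nor stringData held an entry.
      if (kind == "Secret" && entries == 0) print name
      kind = ""; name = ""; entries = 0; section = ""
    }
    /^--- *$/ { report(); next }
    /^[A-Za-z]/ {
      # Top-level key: remember which section the following lines belong to.
      section = $1; sub(/:.*/, "", section)
      if (section == "kind") kind = $2
      # An inline flow map with content counts as an entry; "{}" does not.
      if ((section == "data" || section == "stringData") &&
          $0 ~ /[{][^}]*[^} ][^}]*[}]/) entries++
      next
    }
    /^ +[^ #]/ {
      if (section == "data" || section == "stringData") entries++
      else if (section == "metadata" && $0 ~ /^  name: /) name = $2
    }
    END { report() }
  '
}

# Rendered output from the issue above, abridged (apiVersion/namespace dropped).
sample_manifests() {
  cat <<'EOF'
kind: Secret
metadata:
  name: my-credentials-ksops-486hdm6545
stringData: {} # missing secret
---
data:
  MY_SECRET: b3JnLm9yZy5teS10b3BpYw==
kind: Secret
metadata:
  name: my-credentials-pristine-ckfm5fgd6m
type: Opaque
EOF
}

sample_manifests | find_empty_secrets
```

In a pipeline, feed it the output of the `kustomize build` command from the script and fail the job when it prints anything.
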
@devstein
Collaborator

@blinkeye Thanks for making a detailed issue! You're right that this looks like a bug. Feel free to contribute a PR; otherwise, I'll try to get to this soon.

devstein added the kind:bug (Something isn't working) label May 24, 2023

JoelDimbernat linked a pull request Jun 3, 2024 that will close this issue

@devstein
Collaborator

Hey @blinkeye would you mind looking at #236 to see if it is the solution you were looking for?
