
Commit 96206e3

committed
Added mixed encryption example.
Signed-off-by: Yuriy <[email protected]>
1 parent 964a4de commit 96206e3


7 files changed

+87
-1
lines changed


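--- a/Makefile
+++ b/Makefile
@@ -24,7 +24,7 @@ endif
 export PATH:=$(GOBIN):${PATH}
 
 # Allows for defining additional Go test args, e.g. '-tags integration'.
-GO_TEST_ARGS ?= -run ^TestKustomizationReconciler_Decryptor$
+GO_TEST_ARGS ?=
 
 # Allows for defining additional Docker buildx arguments, e.g. '--push'.
 BUILD_ARGS ?= --load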

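--- a/internal/controller/kustomization_decryptor_test.go
+++ b/internal/controller/kustomization_decryptor_test.go
@@ -174,6 +174,10 @@ func TestKustomizationReconciler_Decryptor(t *testing.T) {
 g.Expect(k8sClient.Get(context.TODO(), types.NamespacedName{Name: "sops-patches-secret", Namespace: id}, &patchedSecret)).To(Succeed())
 g.Expect(string(patchedSecret.Data["key"])).To(Equal("merge1"))
 g.Expect(string(patchedSecret.Data["merge2"])).To(Equal("merge2"))
+
+var pod corev1.Pod
+g.Expect(k8sClient.Get(context.TODO(), types.NamespacedName{Name: "sops-mix-pod", Namespace: id}, &pod)).To(Succeed())
+g.Expect(len(pod.Spec.Containers)).To(Equal(2))
 })
 
 t.Run("does not emit change events for identical secrets", func(t *testing.T) {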
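Review bot: The added assertions at the end of this subtest only check that the merged pod has two containers, which confirms the patch was applied but not that the SOPS-encrypted `env` entry was decrypted before the object reached the cluster. Consider also looping over every env entry of both containers and asserting `g.Expect(e.Name).ToNot(HavePrefix("ENC["))` and `g.Expect(e.Value).ToNot(HavePrefix("ENC["))`, or comparing against the fixture's known plaintext. `g.Expect(pod.Spec.Containers).To(HaveLen(2))` would also give a more useful failure message than comparing `len(...)`. The enclosing test function and subtest start outside the hunk.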

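--- a/internal/controller/testdata/sops/.sops.yaml
+++ b/internal/controller/testdata/sops/.sops.yaml
@@ -15,6 +15,10 @@ creation_rules:
 encrypted_regex: ".*"
 age: &age age1l44xcng8dqj32nlv6d930qvvrny05hglzcv9qpc7kxjc6902ma4qufys29
 
+- path_regex: pod\.yaml$
+encrypted_regex: env
+age: *age
+
 - path_regex: \.yaml$
 encrypted_regex: *encrypted_regex
 age: *age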
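Review bot: `encrypted_regex: env` in the new `pod\.yaml$` rule is unanchored, so it matches any key whose name contains `env` (presumably also keys such as `envFrom`), and everything beneath a matching key is encrypted. If only the `env` list is meant, `encrypted_regex: ^env$` states that precisely and follows the anchored style of `^(data|stringData)$` seen in the fixtures' `sops` metadata; the encrypted pod fixture records the same regex and would need regenerating. A short comment such as `# must stay above the catch-all \.yaml$ rule` would also help, assuming the first matching rule wins. The `creation_rules` list begins outside the hunk.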

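--- a/internal/controller/testdata/sops/kustomization.yaml
+++ b/internal/controller/testdata/sops/kustomization.yaml
@@ -8,5 +8,6 @@ resources:
 - patches
 - inside
 - remote
+- mix
 components:
 - ./component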
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
apiVersion: kustomize.config.k8s.io/v1beta1
2+
kind: Kustomization
3+
namePrefix: mix-
4+
resources:
5+
- pod.yaml
6+
patches:
7+
- path: patch.yaml
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
apiVersion: v1
2+
kind: Pod
3+
metadata:
4+
name: pod
5+
spec:
6+
containers:
7+
- name: patched
8+
image: nginx:stable-alpine
9+
env:
10+
- name: ThatEnvIsEncrypted
11+
value: but the main one is not
12+
resources:
13+
limits:
14+
memory: 50Mi
15+
cpu: 50m
16+
sops:
17+
kms: []
18+
gcp_kms: []
19+
azure_kv: []
20+
hc_vault: []
21+
age:
22+
- recipient: age1l44xcng8dqj32nlv6d930qvvrny05hglzcv9qpc7kxjc6902ma4qufys29
23+
enc: |
24+
-----BEGIN AGE ENCRYPTED FILE-----
25+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPNVF4Vm1kRGdnbGlqYTJX
26+
c0swbms2OE5sTVFacVRwZHB1K0RaWlBtc0FFCkVTMVg5S1orVzVWMVpkdlEvNm9z
27+
emx4N3Vncm1CSnIzNkJiZ2daVXg3dkkKLS0tIHBNT0ZwWFdhbTljNCtFVXkwNjli
28+
MkNDWFQ4Yk5FRWJxcmg4Q1U5ZzRDZ2MKeDN0cOJYZmFYC5FtuQ1R5c1bbKAkFuPM
29+
pHYRXCN457kJPKzjRVVfQO1VbgsPtSEkHxEqmbGJn5GSMI3nzUW4vQ==
30+
-----END AGE ENCRYPTED FILE-----
31+
lastmodified: "2024-11-13T11:21:33Z"
32+
mac: ENC[AES256_GCM,data:ufNIQBVUDIPPVIrhfdshNXJPyasZdLvf69CIiR7s1U4KpMaOfvt9X/tJpvHCD0BuQN0u1vHVLBaZsYUMIlqbpQ41eKccPBtK6fuEx21CmZ+hJI8Bwfuu37mxF2bg20vrwtWqC4qxmn+tQqkRO5mHQDqk7kVzCRlP4i+nVkanf8Y=,iv:yzj8EBZF6q1GpytMqdIOQtSsmcsLGUN6jNyopYHxSeg=,tag:l2WqEjihDCGEyvaIGHKZUw==,type:str]
33+
pgp: []
34+
encrypted_regex: ^(data|stringData)$
35+
version: 3.9.0
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
apiVersion: v1
2+
kind: Pod
3+
metadata:
4+
name: pod
5+
spec:
6+
containers:
7+
- name: main
8+
image: nginx:stable-alpine
9+
env:
10+
- name: ENC[AES256_GCM,data:vcqm/OT7suPAQTUDCMNw4wg=,iv:pY047fxZySu8rQ4Z/oYfZ80S7nbLUBWXHP6DU1kJMKg=,tag:xdAUqlNNdnxHxLjjl1Wyow==,type:str]
11+
value: ENC[AES256_GCM,data:x9nGJZnm5rSsKh2iIxT5NFjRoJg=,iv:1bSCgQIV9+Z9rRcUSEpdPVQWMDVkM4OKxk8ea1bn0pk=,tag:AcE8iVIF+QoGKPBVAhBx8A==,type:str]
12+
resources:
13+
limits:
14+
memory: 50Mi
15+
cpu: 50m
16+
sops:
17+
kms: []
18+
gcp_kms: []
19+
azure_kv: []
20+
hc_vault: []
21+
age:
22+
- recipient: age1l44xcng8dqj32nlv6d930qvvrny05hglzcv9qpc7kxjc6902ma4qufys29
23+
enc: |
24+
-----BEGIN AGE ENCRYPTED FILE-----
25+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORkE5Q1V6NFlHM0tRc1Bp
26+
aWVmTDJTZTRBZC9PczF1cE9wZlY4dGhGVmc0CndUR2FUdVhuNit1anY2ODFkQWM0
27+
NUtWcjF3R3gzSHQwU2tzNytGQk5CaWsKLS0tIEd2MmZ2Z3phMUd5OTdkUnRJVXpN
28+
U2VRS1gzcjN1N1BwdjJOdEE5Z2M3eE0KJ1ReVeaL83qTYGw/bO4nas8BQYhl1JpK
29+
O1AMcJ4lmH/IrSkf65UnRIdVg645UuhwhNFSEiSyIkuqkACUZeiCMg==
30+
-----END AGE ENCRYPTED FILE-----
31+
lastmodified: "2024-11-13T11:21:30Z"
32+
mac: ENC[AES256_GCM,data:sD/2WIG7KxAKV/eG2Ht2Y/iY/NBM8W21QgQYpuLVpChZSBlWEbHx14qWyH4HfMD7P53+cugCzqxbPTUZyb8yYFy0CxBbYKojAOvD3iEPDBXsdoIW00Lj8gWydibBz4CYywHdlmu1gdCjafueDeeQqe2oqPg2S4treqAE2oU4ys8=,iv:NQHfiJ7P+TcSGrvxFFPn3PIuuFuRzkS8E0JNh14ClB0=,tag:tByyknlD06zv4s7m/yXvuQ==,type:str]
33+
pgp: []
34+
encrypted_regex: env
35+
version: 3.9.0
