feat: Support outputting stringData from secretGenerator

api/internal/generators/secret.go

@@ -4,28 +4,36 @@
 package generators
 
 import (
+	"fmt"
+
 	"sigs.k8s.io/kustomize/api/ifc"
 	"sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
 )
 
 // MakeSecret makes a kubernetes Secret.
 //
-// Secret: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#secret-v1-core
+// Secret: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/
 //
 // ConfigMaps and Secrets are similar.
 //
 // Like a ConfigMap, a Secret has a `data` field, but unlike a ConfigMap it has
-// no `binaryData` field.
+// no `binaryData` field. Secret also provides a `stringData` field.
 //
-// All of a Secret's data is assumed to be opaque in nature, and assumed to be
+// A Secret's `data` is assumed to be opaque in nature, and assumed to be
 // base64 encoded from its original representation, regardless of whether the
 // original data was UTF-8 text or binary.
 //
 // This encoding provides no secrecy. It's just a neutral, common means to
 // represent opaque text and binary data.  Beneath the base64 encoding
 // is presumably further encoding under control of the Secret's consumer.
 //
+// A Secret's `stringData` field is similar to ConfigMap's `data` field.
+// `stringData` allows specifying non-binary, UTF-8 secret data in string form.
+// It is provided as a write-only input field for convenience.
+// All keys and values are merged into the data field on write, overwriting any
+// existing values. The stringData field is never output when reading from the API.
+//
 // A Secret has string field `type` which holds an identifier, used by the
 // client, to choose the algorithm to interpret the `data` field.  Kubernetes
 // cannot make use of this data; it's up to a controller or some pod's service
@@ -50,8 +58,14 @@ func MakeSecret(
 	if err != nil {
 		return nil, err
 	}
-	if err = rn.LoadMapIntoSecretData(m); err != nil {
-		return nil, err
+	if args.StringData {
+		if err = rn.LoadMapIntoSecretStringData(m); err != nil {
+			return nil, fmt.Errorf("Failed to load map into Secret stringData: %w", err)
+		}
+	} else {
+		if err = rn.LoadMapIntoSecretData(m); err != nil {
+			return nil, fmt.Errorf("Failed to load map into Secret data: %w", err)
+		}
 	}
 	copyLabelsAndAnnotations(rn, args.Options)
 	setImmutable(rn, args.Options)

api/internal/generators/secret_test.go

@@ -193,6 +193,82 @@ data:
   c: SGVsbG8gV29ybGQ=
   d: dHJ1ZQ==
 immutable: true
+`,
+			},
+		},
+		"construct secret from text file as stringData": {
+			args: types.SecretArgs{
+				StringData: true,
+				GeneratorArgs: types.GeneratorArgs{
+					Name: "fileSecret1",
+					KvPairSources: types.KvPairSources{
+						FileSources: []string{
+							filepath.Join("secret", "app-init.ini"),
+						},
+					},
+				},
+			},
+			exp: expected{
+				out: `apiVersion: v1
+kind: Secret
+metadata:
+  name: fileSecret1
+type: Opaque
+stringData:
+  app-init.ini: |
+    FOO=bar
+    BAR=baz
+`,
+			},
+		},
+		"construct secret from text and binary file with stringData and data": {
+			args: types.SecretArgs{
+				StringData: true,
+				GeneratorArgs: types.GeneratorArgs{
+					Name: "fileSecret2",
+					KvPairSources: types.KvPairSources{
+						FileSources: []string{
+							filepath.Join("secret", "app-init.ini"),
+							filepath.Join("secret", "app.bin"),
+						},
+					},
+				},
+			},
+			exp: expected{
+				out: `apiVersion: v1
+kind: Secret
+metadata:
+  name: fileSecret2
+type: Opaque
+stringData:
+  app-init.ini: |
+    FOO=bar
+    BAR=baz
+data:
+  app.bin: //0=
+`,
+			},
+		},
+		"construct secret from a binary file and fallback to data from stringData": {
+			args: types.SecretArgs{
+				StringData: true,
+				GeneratorArgs: types.GeneratorArgs{
+					Name: "fileSecret2",
+					KvPairSources: types.KvPairSources{
+						FileSources: []string{
+							filepath.Join("secret", "app.bin"),
+						},
+					},
+				},
+			},
+			exp: expected{
+				out: `apiVersion: v1
+kind: Secret
+metadata:
+  name: fileSecret2
+type: Opaque
+data:
+  app.bin: //0=
 `,
 			},
 		},