kubectl-modify-secret
kubectl-modify-secret copied to clipboard
rajatjindal
Trailing whitespice in base64 encoded string
To me it seems like secrets are generated with trailing whitespace, similar to echo vs echo -n. I would expect secrets without trailing linefeed, or is it intentional? Or some misconfiguration on our part?
Hi @einarbj , its not intentional for sure. I will check it out, thanks for reporting.
happy to accept PR if you are willing to debug/fix.
I am not able to replicate the problem. This is how I am trying to replicate it -
○ → cat password.yaml
apiVersion: v1
kind: Secret
metadata:
name: secret-basic-auth
type: kubernetes.io/basic-auth
data:
username: YWRtaW4K
password: cGFzc3dvcmQK
○ → kubectl apply -f password.yaml secret/secret-basic-auth unchanged
Now I am modifying this secret to add new key and value (foo: bar) using modify-secret plugin.
○ → kubectl modify-secret secret-basic-auth
foo: |
bar
password: |
password
username: |
admin
Now checking encoded value: ○ → kubectl get secrets secret-basic-auth -o yaml
apiVersion: v1
data:
foo: YmFyCg==
password: cGFzc3dvcmQK
username: YWRtaW4K
kind: Secret
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"password":"cGFzc3dvcmQK","username":"YWRtaW4K"},"kind":"Secret","metadata":{"annotations":{},"name":"secret-basic-auth","namespace":"default"},"type":"kubernetes.io/basic-auth"}
creationTimestamp: "2021-08-08T16:45:53Z"
name: secret-basic-auth
type: kubernetes.io/basic-auth
In the above, output is as expected.
Now checking decoded value - ○ → kubectl get secrets secret-basic-auth --template={{.data.foo}} | base64 -d bar (an empty line) ○ → kubectl get secrets secret-basic-auth --template={{.data.username}} | base64 -d admin (an empty line)
So my point here is new line exists in both cases: adding with our plugin (foo) and directly added from yaml file (username).
@einarbj @rajatjindal Let me know if I am checking in a wrong way.