Accept and seal stringData into secret

[pinkavaj]

Ref #104

[Crevil]

What is the reasoning for deleting the values? Just curious. :)

[pinkavaj]

It is my obsession with doing thinks right. When for example someone latter would serialize this object it will get duplicate fileds in both data and stringData sections if delete is not done. I agree it is very improbable and actualy technicaly unnecessary.

[mkmik]

When I was first thinking of this issue I though we should make kubeseal take a secret that contains stringData as input, produce a sealed secret that once converted into a secret would be identical to the original, namely keeping the stringData intact. This means we would have to somehow encode that in the sealed secret CRD schema.

But this approach seems pragmatic enough. I wonder how would backwards compatibility look like if we later decide that reversibility is important.

[Crevil]

Makes good sense. Could a test for this maybe be usefull for future reference? So the behaviour becomes very explicit?

[pinkavaj]

I'm not sure I can write right now more complicated test suite in go (this is my second commit in go ... :). But if You give me a hint I will try.

[pinkavaj]

Actually kubectl does the same operation, data and stringData cannot be distinguished once pushed into Kubernetes api.

[mkmik]

Ah interesting, didn't know (fwiw I'm not fond of this kind of magic in k8s...).

Happy to merge when we have some tests

[pinkavaj]

I have managed to dig this think a bit deeper and add some test, please check if it is enought. The whole thing have changed.

[pinkavaj]

The TestSealRoundTripStringDataConversion is more or less duplicate of TestSealRoundTrip, so mey be keep only one of those?

[mkmik]

bors r+

[bors]

Build succeeded

• continuous-integration/travis-ci/push