Merge pull request #103 from sl1pm4t/secret-binary-data

resource/kubernetes_secret: Prevent binary data corruption
hashicorp · Feb 22, 2018 · 2a9beaf · 2a9beaf
2 parents 44b388d + 4a3590f
commit 2a9beaf
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 1 deletion.
diff --git a/kubernetes/resource_kubernetes_secret.go b/kubernetes/resource_kubernetes_secret.go
@@ -49,7 +49,7 @@ func resourceKubernetesSecretCreate(d *schema.ResourceData, meta interface{}) er
 	metadata := expandMetadata(d.Get("metadata").([]interface{}))
 	secret := api.Secret{
 		ObjectMeta: metadata,
-		StringData: expandStringMap(d.Get("data").(map[string]interface{})),
+		Data:       expandStringMapToByteMap(d.Get("data").(map[string]interface{})),
 	}
 
 	if v, ok := d.GetOk("type"); ok {

diff --git a/kubernetes/resource_kubernetes_secret_test.go b/kubernetes/resource_kubernetes_secret_test.go
@@ -189,6 +189,34 @@ func TestAccKubernetesSecret_importGeneratedName(t *testing.T) {
 	})
 }
 
+func TestAccKubernetesSecret_binaryData(t *testing.T) {
+	var conf api.Secret
+	prefix := "tf-acc-test-gen-"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:      func() { testAccPreCheck(t) },
+		IDRefreshName: "kubernetes_secret.test",
+		Providers:     testAccProviders,
+		CheckDestroy:  testAccCheckKubernetesSecretDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKubernetesSecretConfig_binaryData(prefix),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckKubernetesSecretExists("kubernetes_secret.test", &conf),
+					resource.TestCheckResourceAttr("kubernetes_secret.test", "data.%", "1"),
+				),
+			},
+			{
+				Config: testAccKubernetesSecretConfig_binaryData2(prefix),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckKubernetesSecretExists("kubernetes_secret.test", &conf),
+					resource.TestCheckResourceAttr("kubernetes_secret.test", "data.%", "2"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckSecretData(m *api.Secret, expected map[string]string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if len(expected) == 0 && len(m.Data) == 0 {
@@ -329,3 +357,28 @@ resource "kubernetes_secret" "test" {
 	}
 }`, prefix)
 }
+
+func testAccKubernetesSecretConfig_binaryData(prefix string) string {
+	return fmt.Sprintf(`
+resource "kubernetes_secret" "test" {
+	metadata {
+		generate_name = "%s"
+	}
+	data {
+		one = "${file("./test-fixtures/binary.data")}"
+	}
+}`, prefix)
+}
+
+func testAccKubernetesSecretConfig_binaryData2(prefix string) string {
+	return fmt.Sprintf(`
+resource "kubernetes_secret" "test" {
+	metadata {
+		generate_name = "%s"
+	}
+	data {
+		one = "${file("./test-fixtures/binary2.data")}"
+		two = "${file("./test-fixtures/binary.data")}"
+	}
+}`, prefix)
+}
diff --git a/kubernetes/structures.go b/kubernetes/structures.go
@@ -72,6 +72,14 @@ func expandStringMap(m map[string]interface{}) map[string]string {
 	return result
 }
 
+func expandStringMapToByteMap(m map[string]interface{}) map[string][]byte {
+	result := make(map[string][]byte)
+	for k, v := range m {
+		result[k] = []byte(v.(string))
+	}
+	return result
+}
+
 func expandStringSlice(s []interface{}) []string {
 	result := make([]string, len(s), len(s))
 	for k, v := range s {

diff --git a/kubernetes/test-fixtures/binary.data b/kubernetes/test-fixtures/binary.data
diff --git a/kubernetes/test-fixtures/binary2.data b/kubernetes/test-fixtures/binary2.data