Default to yaml secret file format

This change applies this default both at annotation parsing time and at secret fetching time.
cyberark · Oct 29, 2021 · d203f3b · d203f3b
1 parent 582f876
commit d203f3b
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/pkg/secrets/pushtofile/secret_group.go b/pkg/secrets/pushtofile/secret_group.go
@@ -134,7 +134,7 @@ func maybeFileTemplateFromFormat(
 	fileFormat string,
 	secretSpecs []SecretSpec,
 ) (string, error) {
-	// One of file format or file template must be set
+	// Default to "yaml" file format
 	if len(fileTemplate)+len(fileFormat) == 0 {
 		fileFormat = "yaml"
 	}
@@ -206,6 +206,11 @@ func newSecretGroup(groupName string, secretsBasePath string, annotations map[st
 	fileFormat := annotations[secretGroupFileFormatPrefix+groupName]
 	policyPathPrefix := annotations[secretGroupPolicyPathPrefix+groupName]
 
+	// Default to "yaml" file format
+	if len(fileTemplate)+len(fileFormat) == 0 {
+		fileFormat = "yaml"
+	}
+
 	if len(fileFormat) > 0 {
 		_, err := FileTemplateForFormat(fileFormat, secretSpecs)
 		if err != nil {

diff --git a/pkg/secrets/pushtofile/secret_group_test.go b/pkg/secrets/pushtofile/secret_group_test.go
@@ -223,6 +223,23 @@ func TestNewSecretGroups(t *testing.T) {
 			"relative to secrets base path",
 		)
 	})
+
+	t.Run("secret file format yaml default", func(t *testing.T) {
+		groups, errs := NewSecretGroups("/basepath", map[string]string{
+			"conjur.org/conjur-secrets.first": `
+- path/to/secret/first1
+- aliasfirst2: path/to/secret/first2
+`,
+		})
+
+		assert.Len(t, errs, 0)
+		assert.Len(t, groups, 1)
+		assert.Contains(
+			t,
+			groups[0].FileFormat,
+			"yaml",
+		)
+	})
 }
 
 var pushToFileWithDepsTestCases = []pushToFileWithDepsTestCase{