Output as a string does not interpolate secrets

[tprobinson]

Describe the bug/feature
Using 0.26.0, when a jsonnet component outputs a string and not an object, secret references remain uninterpolated unless kapitan reveal is run.

To Reproduce
Steps to reproduce the behavior:

1. Create files in a new Kapitan project as seen in https://github.com/tprobinson/kapitan-issue-demonstration

2. Run kapitan compile.

Expected behavior
Secrets should be interpolated in the final output.

Additional context
If secrets are interpolated by walking the object that's output by jsonnet, this may be difficult. On a related note, the ?{ ... } secret references get mangled when attempting to operate on them with functions like url encoding. If the secrets' actual value were passed in to jsonnet instead of just strings containing the ?{ ... } references, that may solve two issues at once.

[ramaro]

@tprobinson thanks for reporting. Currently, refs/secrets are designed to be used only from the inventory. Manipulation of these objects via an input will result in undefined behavior as you are describing.
I think the best way to improve this is to implement ref aware handling functions for input types.

[ramaro]

@tprobinson and now that I had a better second look at this, you're right, this should not be happening. Thanks again, will review.

[ramaro]

@tprobinson this is fixed, let me know if that works for you as well. Thank you

[tprobinson]

I'm trying to test this, but I can't seem to compile the binary myself. I'm not much of a Python dev so I'm probably doing something wrong, but running via the Dockerfile build gets me this:

$ docker run --rm kapitan:test help
Traceback (most recent call last):
  File "/opt/venv/bin/kapitan", line 11, in <module>
    load_entry_point('kapitan==0.26.0', 'console_scripts', 'kapitan')()
  File "/opt/venv/lib/python3.7/site-packages/pkg_resources/__init__.py", line 489, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/opt/venv/lib/python3.7/site-packages/pkg_resources/__init__.py", line 2852, in load_entry_point
    return ep.load()
  File "/opt/venv/lib/python3.7/site-packages/pkg_resources/__init__.py", line 2443, in load
    return self.resolve()
  File "/opt/venv/lib/python3.7/site-packages/pkg_resources/__init__.py", line 2449, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/opt/venv/lib/python3.7/site-packages/kapitan/cli.py", line 39, in <module>
    from kapitan.resources import inventory_reclass, resource_callbacks, search_imports
  File "/opt/venv/lib/python3.7/site-packages/kapitan/resources.py", line 35, in <module>
    import reclass
ModuleNotFoundError: No module named 'reclass'

Adding reclass to the requirements.txt gets this:

...
Collecting reclass
  Downloading https://files.pythonhosted.org/packages/e6/e2/7ab398b65da859966784f81145efa37d577005fc43432dd7b0f252196a98/reclass-1.4.1.tar.gz
    ERROR: Command errored out with exit status 1:
     command: /opt/venv/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-qrzm0v5c/reclass/setup.py'"'"'; __file__='"'"'/tmp/pip-install-qrzm0v5c/reclass/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-install-qrzm0v5c/reclass/pip-egg-info
         cwd: /tmp/pip-install-qrzm0v5c/reclass/
    Complete output (7 lines):
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-install-qrzm0v5c/reclass/setup.py", line 10, in <module>
        from reclass.version import *
      File "/tmp/pip-install-qrzm0v5c/reclass/reclass/__init__.py", line 10, in <module>
        from output import OutputLoader
    ModuleNotFoundError: No module named 'output'
    ----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
The command '/bin/sh -c apt-get update     && apt-get install --no-install-recommends -y         build-essential     && python -m venv /opt/venv     && pip install --upgrade pip yq     && pip install -r requirements.txt     && ./kapitan/inputs/helm/build.sh     && pip install .' returned a non-zero code: 1