Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubeseal for openSUSE:Factory checked in at 2026-05-23 23:23:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubeseal (Old) and /work/SRC/openSUSE:Factory/.kubeseal.new.2084 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeseal" Sat May 23 23:23:29 2026 rev:47 rq:1354537 version:0.37.0 Changes: -------- --- /work/SRC/openSUSE:Factory/kubeseal/kubeseal.changes 2026-04-17 21:04:17.497917635 +0200 +++ /work/SRC/openSUSE:Factory/.kubeseal.new.2084/kubeseal.changes 2026-05-23 23:23:56.912313618 +0200 @@ -1,0 +2,17 @@ +Fri May 22 04:58:10 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 0.37.0: + * Bump Go version to 1.26.3 (#1966) + * Bump 0.36.1 api,client-go,apimachinery and code-generator + (#1965) + * Bump distroless/static from `47b2d72` to `3592aa8` in /docker + (#1964) + * Bump github.com/onsi/ginkgo/v2 from 2.28.1 to 2.28.3 (#1956) + * Bump golang.org/x/crypto from 0.50.0 to 0.51.0 (#1957) + * Bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22 (#1954) + * Bump k8s.io/code-generator from 0.35.3 to 0.35.4 (#1946) + * Bump k8s.io/client-go from 0.35.3 to 0.35.4 (#1947) + * Bump github.com/mattn/go-isatty from 0.0.20 to 0.0.21 (#1943) + * Bump golang.org/x/crypto from 0.49.0 to 0.50.0 (#1942) + +------------------------------------------------------------------- Old: ---- kubeseal-0.36.6.obscpio New: ---- kubeseal-0.37.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubeseal.spec ++++++ --- /var/tmp/diff_new_pack.XkpJ31/_old 2026-05-23 23:23:58.092361791 +0200 +++ /var/tmp/diff_new_pack.XkpJ31/_new 2026-05-23 23:23:58.092361791 +0200 @@ -17,14 +17,14 @@ Name: kubeseal -Version: 0.36.6 +Version: 0.37.0 Release: 0 Summary: CLI for encrypting secrets to SealedSecrets License: Apache-2.0 URL: https://github.com/bitnami-labs/sealed-secrets Source: %{name}-%{version}.tar.gz Source1: vendor.tar.gz -BuildRequires: go1.26 >= 1.26.2 +BuildRequires: go1.26 >= 1.26.3 %description Problem: "I can manage all my K8s config in git, except Secrets." ++++++ _service ++++++ --- /var/tmp/diff_new_pack.XkpJ31/_old 2026-05-23 23:23:58.132363424 +0200 +++ /var/tmp/diff_new_pack.XkpJ31/_new 2026-05-23 23:23:58.136363587 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/bitnami-labs/sealed-secrets.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.36.6</param> + <param name="revision">v0.37.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.XkpJ31/_old 2026-05-23 23:23:58.160364567 +0200 +++ /var/tmp/diff_new_pack.XkpJ31/_new 2026-05-23 23:23:58.168364894 +0200 @@ -3,6 +3,6 @@ <param name="url">https://github.com/bitnami-labs/sealed-secrets</param> <param name="changesrevision">97e5023c97fa29a5a91706c6d140851fa282bae7</param></service><service name="tar_scm"> <param name="url">https://github.com/bitnami-labs/sealed-secrets.git</param> - <param name="changesrevision">6dc880366d1cafa16683173cc3c8e3b58e930937</param></service></servicedata> + <param name="changesrevision">8e4ed463552a6a6462648a9ff090a1f42abbda30</param></service></servicedata> (No newline at EOF) ++++++ kubeseal-0.36.6.obscpio -> kubeseal-0.37.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/RELEASE-NOTES.md new/kubeseal-0.37.0/RELEASE-NOTES.md --- old/kubeseal-0.36.6/RELEASE-NOTES.md 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/RELEASE-NOTES.md 2026-05-21 16:26:13.000000000 +0200 @@ -4,6 +4,23 @@ [](https://github.com/bitnami-labs/sealed-secrets/releases/latest) +## v0.37.0 + +- Expose plaintext template.data values in template rendering context ([#1940](https://github.com/bitnami-labs/sealed-secrets/pull/1940)) +- Bump Go version to 1.26.3 ([#1966](https://github.com/bitnami-labs/sealed-secrets/pull/1966)) +- Bump 0.36.1 api,client-go,apimachinery and code-generator ([#1965](https://github.com/bitnami-labs/sealed-secrets/pull/1965)) +- Bump distroless/static from `47b2d72` to `3592aa8` in /docker ([#1964](https://github.com/bitnami-labs/sealed-secrets/pull/1964)) +- Bump github.com/onsi/ginkgo/v2 from 2.28.1 to 2.28.3 ([#1956](https://github.com/bitnami-labs/sealed-secrets/pull/1956)) +- Bump golang.org/x/crypto from 0.50.0 to 0.51.0 ([#1957](https://github.com/bitnami-labs/sealed-secrets/pull/1957)) +- Cooldown period for dependency updates and update K8S support ([#1955](https://github.com/bitnami-labs/sealed-secrets/pull/1955)) +- Bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22 ([#1954](https://github.com/bitnami-labs/sealed-secrets/pull/1954)) +- chore: typo `occured` -> `occurred` in prometheus-mixin README ([#1949](https://github.com/bitnami-labs/sealed-secrets/pull/1949)) +- Bump k8s.io/code-generator from 0.35.3 to 0.35.4 ([#1946](https://github.com/bitnami-labs/sealed-secrets/pull/1946)) +- Bump k8s.io/client-go from 0.35.3 to 0.35.4 ([#1947](https://github.com/bitnami-labs/sealed-secrets/pull/1947)) +- Bump github.com/mattn/go-isatty from 0.0.20 to 0.0.21 ([#1943](https://github.com/bitnami-labs/sealed-secrets/pull/1943)) +- Bump golang.org/x/crypto from 0.49.0 to 0.50.0 ([#1942](https://github.com/bitnami-labs/sealed-secrets/pull/1942)) +- fix: add explicit GITHUB_TOKEN permissions to workflows ([#1933](https://github.com/bitnami-labs/sealed-secrets/pull/1933)) + ## v0.36.6 - Incomplete release for dockerhub credentials problems diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/contrib/prometheus-mixin/README.md new/kubeseal-0.37.0/contrib/prometheus-mixin/README.md --- old/kubeseal-0.36.6/contrib/prometheus-mixin/README.md 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/contrib/prometheus-mixin/README.md 2026-05-21 16:26:13.000000000 +0200 @@ -5,7 +5,7 @@ These metrics enable operators to observe how it is performing. For example how many `SealedSecret` unseals have been attempted and how many errors may -have occured due to RBAC permissions, wrong key, corrupted data, etc. +have occurred due to RBAC permissions, wrong key, corrupted data, etc. These metrics can be scraped by a Prometheus server and viewed in Prometheus, displayed on a Grafana dashboard and/or trigger alerts to Slack/etc. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/docker/controller.Dockerfile new/kubeseal-0.37.0/docker/controller.Dockerfile --- old/kubeseal-0.36.6/docker/controller.Dockerfile 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/docker/controller.Dockerfile 2026-05-21 16:26:13.000000000 +0200 @@ -1,4 +1,4 @@ -FROM gcr.io/distroless/static@sha256:47b2d72ff90843eb8a768b5c2f89b40741843b639d065b9b937b07cd59b479c6 +FROM gcr.io/distroless/static@sha256:3592aa8171c77482f62bbc4164e6a2d141c6122554ace66e5cc910cadb961ff0 LABEL maintainer "Sealed Secrets <[email protected]>" USER 1001 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/docker/kubeseal.Dockerfile new/kubeseal-0.37.0/docker/kubeseal.Dockerfile --- old/kubeseal-0.36.6/docker/kubeseal.Dockerfile 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/docker/kubeseal.Dockerfile 2026-05-21 16:26:13.000000000 +0200 @@ -1,4 +1,4 @@ -FROM gcr.io/distroless/static@sha256:47b2d72ff90843eb8a768b5c2f89b40741843b639d065b9b937b07cd59b479c6 +FROM gcr.io/distroless/static@sha256:3592aa8171c77482f62bbc4164e6a2d141c6122554ace66e5cc910cadb961ff0 LABEL maintainer "Sealed Secrets <[email protected]>" USER 1001 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/go.mod new/kubeseal-0.37.0/go.mod --- old/kubeseal-0.36.6/go.mod 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/go.mod 2026-05-21 16:26:13.000000000 +0200 @@ -1,28 +1,28 @@ module github.com/bitnami-labs/sealed-secrets -go 1.26.2 +go 1.26.3 require ( github.com/Masterminds/sprig/v3 v3.3.0 github.com/google/go-cmp v0.7.0 github.com/google/renameio v0.1.0 - github.com/mattn/go-isatty v0.0.20 + github.com/mattn/go-isatty v0.0.22 github.com/mkmik/multierror v0.4.0 - github.com/onsi/ginkgo/v2 v2.28.1 - github.com/onsi/gomega v1.39.1 + github.com/onsi/ginkgo/v2 v2.28.3 + github.com/onsi/gomega v1.40.0 github.com/prometheus/client_golang v1.23.2 github.com/prometheus/client_model v0.6.2 github.com/spf13/pflag v1.0.10 github.com/throttled/throttled v2.2.5+incompatible - golang.org/x/crypto v0.49.0 + golang.org/x/crypto v0.51.0 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.35.3 - k8s.io/apimachinery v0.35.3 - k8s.io/client-go v0.35.3 - k8s.io/code-generator v0.35.3 + k8s.io/api v0.36.1 + k8s.io/apimachinery v0.36.1 + k8s.io/client-go v0.36.1 + k8s.io/code-generator v0.36.1 k8s.io/klog v1.0.0 k8s.io/klog/v2 v2.140.0 - k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 + k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 ) require ( @@ -32,7 +32,7 @@ github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.12.2 // indirect + github.com/emicklei/go-restful/v3 v3.13.0 // indirect github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect @@ -41,7 +41,7 @@ github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gomodule/redigo v2.0.0+incompatible // indirect github.com/google/gnostic-models v0.7.0 // indirect - github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect + github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 // indirect github.com/google/uuid v1.6.0 // indirect github.com/hashicorp/golang-lru v1.0.2 // indirect github.com/huandu/xstrings v1.5.0 // indirect @@ -53,7 +53,7 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/common v0.66.1 // indirect github.com/prometheus/procfs v0.16.1 // indirect github.com/shopspring/decimal v1.4.0 // indirect @@ -61,23 +61,23 @@ github.com/x448/float16 v0.8.4 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/mod v0.33.0 // indirect - golang.org/x/net v0.51.0 // indirect - golang.org/x/oauth2 v0.30.0 // indirect + golang.org/x/mod v0.35.0 // indirect + golang.org/x/net v0.53.0 // indirect + golang.org/x/oauth2 v0.34.0 // indirect golang.org/x/sync v0.20.0 // indirect - golang.org/x/sys v0.42.0 // indirect - golang.org/x/term v0.41.0 // indirect - golang.org/x/text v0.35.0 // indirect - golang.org/x/time v0.9.0 // indirect - golang.org/x/tools v0.42.0 // indirect - google.golang.org/protobuf v1.36.8 // indirect + golang.org/x/sys v0.44.0 // indirect + golang.org/x/term v0.43.0 // indirect + golang.org/x/text v0.37.0 // indirect + golang.org/x/time v0.14.0 // indirect + golang.org/x/tools v0.44.0 // indirect + google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b // indirect - k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect + k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect sigs.k8s.io/yaml v1.6.0 // indirect ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/go.sum new/kubeseal-0.37.0/go.sum --- old/kubeseal-0.36.6/go.sum 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/go.sum 2026-05-21 16:26:13.000000000 +0200 @@ -14,8 +14,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= -github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes= +github.com/emicklei/go-restful/v3 v3.13.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= @@ -46,8 +46,8 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= -github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= +github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 h1:EwtI+Al+DeppwYX2oXJCETMO23COyaKGP6fHVpkpWpg= +github.com/google/pprof v0.0.0-20260402051712-545e8a4df936/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -74,8 +74,8 @@ github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4= +github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4= github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE= github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= @@ -92,12 +92,13 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.28.1 h1:S4hj+HbZp40fNKuLUQOYLDgZLwNUVn19N3Atb98NCyI= -github.com/onsi/ginkgo/v2 v2.28.1/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE= -github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= -github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/onsi/ginkgo/v2 v2.28.3 h1:4JvMdwtFU0imd8fHx25OJXoDMRexnf8v5NHKYSTTji4= +github.com/onsi/ginkgo/v2 v2.28.3/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44= +github.com/onsi/gomega v1.40.0 h1:Vtol0e1MghCD2ZVIilPDIg44XSL9l2QAn8ZNaljWcJc= +github.com/onsi/gomega v1.40.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= @@ -138,33 +139,32 @@ go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= -golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= -golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= -golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= -golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= -golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= +golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= +golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8= +golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= +golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU= +golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= +golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= +golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= +golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= -golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= -golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= -golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= -golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= -golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= -golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= -golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= +golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ= +golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= +golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= +golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= +golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= +golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c= +golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI= golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af h1:+5/Sw3GsDNlEmu7TfklWKPdQ0Ykja5VEmq2i817+jbI= +google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -176,29 +176,29 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.35.3 h1:pA2fiBc6+N9PDf7SAiluKGEBuScsTzd2uYBkA5RzNWQ= -k8s.io/api v0.35.3/go.mod h1:9Y9tkBcFwKNq2sxwZTQh1Njh9qHl81D0As56tu42GA4= -k8s.io/apimachinery v0.35.3 h1:MeaUwQCV3tjKP4bcwWGgZ/cp/vpsRnQzqO6J6tJyoF8= -k8s.io/apimachinery v0.35.3/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= -k8s.io/client-go v0.35.3 h1:s1lZbpN4uI6IxeTM2cpdtrwHcSOBML1ODNTCCfsP1pg= -k8s.io/client-go v0.35.3/go.mod h1:RzoXkc0mzpWIDvBrRnD+VlfXP+lRzqQjCmKtiwZ8Q9c= -k8s.io/code-generator v0.35.3 h1:NDGCLkEm6Ho65wTdSe2EgErmmtsrezOPwwOchlNc6FQ= -k8s.io/code-generator v0.35.3/go.mod h1:LAVriRGXQusHQ0Ns64SE1ublSswm1KrK7cXn0GuQETg= +k8s.io/api v0.36.1 h1:XbL/EMj8K2aJpJtePmqUyQMsM0D4QI2pvl7YKJ20FTY= +k8s.io/api v0.36.1/go.mod h1:KOWo4ey3TINlXjeHVuwB3i+tXXnu+UcwFBHlI/9dvEo= +k8s.io/apimachinery v0.36.1 h1:G63Gjx2W+q0YD+72Vo8oY0nDnePVwnuzTmmy5ENrVSA= +k8s.io/apimachinery v0.36.1/go.mod h1:ibYOR00vW/I1kzvi5SF0dRuJ52BvKtfvRdOn35GPQ+8= +k8s.io/client-go v0.36.1 h1:FN/K8QIT2CEDt+2WB2HnWrUANZ50AP5GII43/SP2JR0= +k8s.io/client-go v0.36.1/go.mod h1:s6rAnCtTGYDQnpNjEhSaISV+2O8jwruZ6m3QOYBFbtU= +k8s.io/code-generator v0.36.1 h1:5bHQ7NbBcFFLHcoyo/hgU3m2tQV5RLz2nv4QNDlsbXc= +k8s.io/code-generator v0.36.1/go.mod h1:oCv8WmrW2RGdcMyvSk1aYbBfSs51ggtSFQr1YNeuAuo= k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b h1:gMplByicHV/TJBizHd9aVEsTYoJBnnUAT5MHlTkbjhQ= k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b/go.mod h1:CgujABENc3KuTrcsdpGmrrASjtQsWCT7R99mEV4U/fM= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= -k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE= -k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= -k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a h1:xCeOEAOoGYl2jnJoHkC3hkbPJgdATINPMAxaynU2Ovg= +k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a/go.mod h1:uGBT7iTA6c6MvqUvSXIaYZo9ukscABYi2btjhvgKGZ0= +k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU= +k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= -sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/helm/sealed-secrets/Chart.yaml new/kubeseal-0.37.0/helm/sealed-secrets/Chart.yaml --- old/kubeseal-0.36.6/helm/sealed-secrets/Chart.yaml 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/helm/sealed-secrets/Chart.yaml 2026-05-21 16:26:13.000000000 +0200 @@ -1,7 +1,7 @@ annotations: category: DeveloperTools apiVersion: v2 -appVersion: 0.36.1 +appVersion: 0.36.6 description: Helm chart for the sealed-secrets controller. home: https://github.com/bitnami-labs/sealed-secrets icon: https://bitnami.com/assets/stacks/sealed-secrets/img/sealed-secrets-stack-220x234.png @@ -14,6 +14,6 @@ url: https://github.com/bitnami-labs/sealed-secrets name: sealed-secrets type: application -version: 2.18.4 +version: 2.18.5 sources: - https://github.com/bitnami-labs/sealed-secrets diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/helm/sealed-secrets/README.md new/kubeseal-0.37.0/helm/sealed-secrets/README.md --- old/kubeseal-0.36.6/helm/sealed-secrets/README.md 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/helm/sealed-secrets/README.md 2026-05-21 16:26:13.000000000 +0200 @@ -86,7 +86,7 @@ | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ----------------------------------- | | `image.registry` | Sealed Secrets image registry | `docker.io` | | `image.repository` | Sealed Secrets image repository | `bitnami/sealed-secrets-controller` | -| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `0.36.1` | +| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `0.36.6` | | `image.pullPolicy` | Sealed Secrets image pull policy | `IfNotPresent` | | `image.pullSecrets` | Sealed Secrets image pull secrets | `[]` | | `revisionHistoryLimit` | Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10) | `""` | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/helm/sealed-secrets/values.yaml new/kubeseal-0.37.0/helm/sealed-secrets/values.yaml --- old/kubeseal-0.36.6/helm/sealed-secrets/values.yaml 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/helm/sealed-secrets/values.yaml 2026-05-21 16:26:13.000000000 +0200 @@ -39,7 +39,7 @@ image: registry: docker.io repository: bitnami/sealed-secrets-controller - tag: 0.36.1 + tag: 0.36.6 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go new/kubeseal-0.37.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go --- old/kubeseal-0.36.6/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go 2026-05-21 16:26:13.000000000 +0200 @@ -298,6 +298,20 @@ data[key] = string(plaintext) } + // Expose raw plaintext values from spec.template.data in the + // template rendering context, so that templates defined in + // spec.template.data can reference sibling plaintext keys as + // {{ .key }} variables (e.g. {{ .username }} alongside an + // encrypted password). Encrypted values take precedence on key + // collision so adding a plaintext key can never silently shadow + // a real secret value. + // See https://github.com/bitnami-labs/sealed-secrets/issues/1607 + for key, value := range s.Spec.Template.Data { + if _, exists := data[key]; !exists { + data[key] = value + } + } + for key, value := range s.Spec.Template.Data { var plaintext bytes.Buffer @@ -310,7 +324,12 @@ if err != nil { errs = append(errs, multierror.Tag(key, err)) } - secret.Data[key] = plaintext.Bytes() + // Do not overwrite a key that was already populated from + // encryptedData; encrypted values take precedence in the + // output Secret as well as in the template rendering context. + if _, fromEncrypted := s.Spec.EncryptedData[key]; !fromEncrypted { + secret.Data[key] = plaintext.Bytes() + } } if errs != nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_test.go new/kubeseal-0.37.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_test.go --- old/kubeseal-0.36.6/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_test.go 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_test.go 2026-05-21 16:26:13.000000000 +0200 @@ -391,6 +391,110 @@ } } +// TestTemplateDataPlaintextReference verifies that plaintext keys defined +// in spec.template.data can be referenced from sibling templates as +// {{ .key }} variables. Regression test for +// https://github.com/bitnami-labs/sealed-secrets/issues/1607 +func TestTemplateDataPlaintextReference(t *testing.T) { + sealed := SealedSecret{ + Spec: SealedSecretSpec{ + Template: SecretTemplateSpec{ + Data: map[string]string{ + "username": "myUsername", + "settings.xml": `<server><username>{{ .username }}</username></server>`, + }, + }, + }, + } + + unsealed, err := sealed.Unseal(serializer.CodecFactory{}, nil) + if err != nil { + t.Fatalf("Unseal returned error: %v", err) + } + + if got, want := string(unsealed.Data["username"]), "myUsername"; got != want { + t.Errorf("username: got %q, want %q", got, want) + } + if got, want := string(unsealed.Data["settings.xml"]), + `<server><username>myUsername</username></server>`; got != want { + t.Errorf("settings.xml: got %q, want %q", got, want) + } +} + +// TestTemplateDataMixedEncryptedAndPlaintext verifies that templates in +// spec.template.data can reference both encryptedData keys and sibling +// plaintext keys defined in spec.template.data in the same template. +// Regression test for +// https://github.com/bitnami-labs/sealed-secrets/issues/1607 +func TestTemplateDataMixedEncryptedAndPlaintext(t *testing.T) { + secret := v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "myname", + Namespace: "myns", + }, + Data: map[string][]byte{ + "password": []byte("hunter2"), + }, + } + + ssecret, codecs, keys := sealSecret(t, &secret, NewSealedSecret) + + ssecret.Spec.Template.Data = map[string]string{ + "username": "myUsername", + "settings.xml": `<server>` + + `<username>{{ .username }}</username>` + + `<password>{{ .password }}</password>` + + `</server>`, + } + + unsealed, err := ssecret.Unseal(codecs, keys) + if err != nil { + t.Fatalf("Unseal returned error: %v", err) + } + + if got, want := string(unsealed.Data["settings.xml"]), + `<server><username>myUsername</username><password>hunter2</password></server>`; got != want { + t.Errorf("settings.xml: got %q, want %q", got, want) + } +} + +// TestTemplateDataEncryptedTakesPrecedenceOverPlaintext verifies that when +// the same key exists in both encryptedData and template.data, the +// decrypted value from encryptedData wins. This guards against accidentally +// shadowing a real secret with a plaintext placeholder. +func TestTemplateDataEncryptedTakesPrecedenceOverPlaintext(t *testing.T) { + secret := v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "myname", + Namespace: "myns", + }, + Data: map[string][]byte{ + "shared": []byte("from-encrypted"), + }, + } + + ssecret, codecs, keys := sealSecret(t, &secret, NewSealedSecret) + + ssecret.Spec.Template.Data = map[string]string{ + "shared": "from-plaintext-should-be-ignored", + "out.txt": `{{ .shared }}`, + } + + unsealed, err := ssecret.Unseal(codecs, keys) + if err != nil { + t.Fatalf("Unseal returned error: %v", err) + } + + if got, want := string(unsealed.Data["out.txt"]), "from-encrypted"; got != want { + t.Errorf("out.txt: got %q, want %q", got, want) + } + // The output Secret's "shared" key must retain the decrypted value, + // not be overwritten by the plaintext template.data entry. + if got, want := string(unsealed.Data["shared"]), "from-encrypted"; got != want { + t.Errorf("shared key in output Secret: got %q, want %q (plaintext template.data must not overwrite encrypted value)", got, want) + } +} + func TestTemplateWithoutEncryptedData(t *testing.T) { sealed := SealedSecret{ Spec: SealedSecretSpec{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/pkg/kubeseal/kubeseal_test.go new/kubeseal-0.37.0/pkg/kubeseal/kubeseal_test.go --- old/kubeseal-0.36.6/pkg/kubeseal/kubeseal_test.go 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/pkg/kubeseal/kubeseal_test.go 2026-05-21 16:26:13.000000000 +0200 @@ -15,6 +15,7 @@ "os" "path/filepath" goruntime "runtime" + "slices" "strings" "testing" "time" @@ -30,7 +31,6 @@ "k8s.io/client-go/tools/clientcmd" clientcmdapi "k8s.io/client-go/tools/clientcmd/api" "k8s.io/client-go/util/keyutil" - "k8s.io/utils/strings/slices" ssv1alpha1 "github.com/bitnami-labs/sealed-secrets/pkg/apis/sealedsecrets/v1alpha1" "github.com/bitnami-labs/sealed-secrets/pkg/crypto" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeseal-0.36.6/versions.env new/kubeseal-0.37.0/versions.env --- old/kubeseal-0.36.6/versions.env 2026-04-09 19:14:35.000000000 +0200 +++ new/kubeseal-0.37.0/versions.env 2026-05-21 16:26:13.000000000 +0200 @@ -1,2 +1,2 @@ -GO_VERSION=1.26.2 +GO_VERSION=1.26.3 GO_VERSION_LIST="[\"$GO_VERSION\"]" ++++++ kubeseal.obsinfo ++++++ --- /var/tmp/diff_new_pack.XkpJ31/_old 2026-05-23 23:23:58.772389552 +0200 +++ /var/tmp/diff_new_pack.XkpJ31/_new 2026-05-23 23:23:58.780389879 +0200 @@ -1,5 +1,5 @@ name: kubeseal -version: 0.36.6 -mtime: 1775754875 -commit: 6dc880366d1cafa16683173cc3c8e3b58e930937 +version: 0.37.0 +mtime: 1779373573 +commit: 8e4ed463552a6a6462648a9ff090a1f42abbda30 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kubeseal/vendor.tar.gz /work/SRC/openSUSE:Factory/.kubeseal.new.2084/vendor.tar.gz differ: char 13, line 1
