From f6403df16f7b2b61fa4d06482448634c967b4e99 Mon Sep 17 00:00:00 2001
From: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Date: Thu, 25 Nov 2021 12:34:20 +0100
Subject: [PATCH 1/2] Add test for varsub in secret

Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
---
 controllers/kustomization_varsub_test.go | 18 +++++++++++++++++-
 docs/spec/v1beta2/kustomization.md       | 12 ++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/controllers/kustomization_varsub_test.go b/controllers/kustomization_varsub_test.go
index 29407ee1..a00b53e0 100644
--- a/controllers/kustomization_varsub_test.go
+++ b/controllers/kustomization_varsub_test.go
@@ -21,7 +21,6 @@ import (
 	"fmt"
 	"testing"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/fluxcd/pkg/testserver"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
@@ -31,6 +30,8 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
 )
 
 func TestKustomizationReconciler_Varsub(t *testing.T) {
@@ -58,6 +59,18 @@ metadata:
     environment: ${env:=dev}
     region: "${_Region}" 
     zone: "${zone}"
+`, name),
+			},
+			{
+				Name: "secret.yaml",
+				Body: fmt.Sprintf(`---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: %[1]s
+  namespace: %[1]s
+stringData:
+  zone: ${zone}
 `, name),
 			},
 		}
@@ -145,6 +158,7 @@ metadata:
 
 	resultK := &kustomizev1.Kustomization{}
 	resultSA := &corev1.ServiceAccount{}
+	resultSecret := &corev1.Secret{}
 
 	t.Run("reconciles successfully", func(t *testing.T) {
 		g.Eventually(func() bool {
@@ -158,6 +172,7 @@ metadata:
 		}, timeout, interval).Should(BeTrue())
 
 		g.Expect(k8sClient.Get(context.Background(), types.NamespacedName{Name: id, Namespace: id}, resultSA)).Should(Succeed())
+		g.Expect(k8sClient.Get(context.Background(), types.NamespacedName{Name: id, Namespace: id}, resultSecret)).Should(Succeed())
 	})
 
 	t.Run("sets status", func(t *testing.T) {
@@ -170,6 +185,7 @@ metadata:
 		g.Expect(resultSA.Labels["environment"]).To(Equal("dev"))
 		g.Expect(resultSA.Labels["region"]).To(Equal("eu-central-1"))
 		g.Expect(resultSA.Labels["zone"]).To(Equal("az-1b"))
+		g.Expect(string(resultSecret.Data["zone"])).To(Equal("az-1b"))
 	})
 
 	t.Run("sets owner labels", func(t *testing.T) {
diff --git a/docs/spec/v1beta2/kustomization.md b/docs/spec/v1beta2/kustomization.md
index ce96c125..aba66c6c 100644
--- a/docs/spec/v1beta2/kustomization.md
+++ b/docs/spec/v1beta2/kustomization.md
@@ -756,6 +756,18 @@ spec:
         name: cluster-secret-vars
 ```
 
+Note that for substituting variables in a secret, `spec.stringData` field must be used i.e
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret
+  namespace: flux-system
+type: Opaque
+stringData:
+  token: ${token}
+```
+
 The var values which are specified in-line with `substitute`
 take precedence over the ones in `substituteFrom`.
 

From 0d9bd5a5547c1c6b53650c4d104a7522601bf4da Mon Sep 17 00:00:00 2001
From: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Date: Mon, 29 Nov 2021 12:02:45 +0100
Subject: [PATCH 2/2] Add line above yaml block

Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
---
 docs/spec/v1beta2/kustomization.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/spec/v1beta2/kustomization.md b/docs/spec/v1beta2/kustomization.md
index aba66c6c..f7cc029a 100644
--- a/docs/spec/v1beta2/kustomization.md
+++ b/docs/spec/v1beta2/kustomization.md
@@ -757,6 +757,7 @@ spec:
 ```
 
 Note that for substituting variables in a secret, `spec.stringData` field must be used i.e
+
 ```yaml
 apiVersion: v1
 kind: Secret