From 5c9cbe676d0a5eacef6548775774c85858d355ea Mon Sep 17 00:00:00 2001
From: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Date: Mon, 18 Apr 2022 16:16:08 +0530
Subject: [PATCH] handle secret types properly while masking sops data

Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
---
 internal/build/build.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/internal/build/build.go b/internal/build/build.go
index 27fa06a7..df51db5b 100644
--- a/internal/build/build.go
+++ b/internal/build/build.go
@@ -21,6 +21,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"os"
 	"sync"
@@ -343,7 +344,11 @@ func maskSopsData(res *resource.Resource) error {
 			res.PipeE(yaml.FieldClearer{Name: "sops"})
 
 			secretType, err := res.GetFieldValue(typeField)
-			if err != nil {
+			// If the intented type is Opaque, then it can be omitted from the manifest, since it's the default
+			// Ref: https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets
+			if errors.As(err, &yaml.NoFieldError{}) {
+				secretType = "Opaque"
+			} else if err != nil {
 				return fmt.Errorf("failed to mask secret %s sops data: %w", res.GetName(), err)
 			}