How to iterate over a multi-document YAML file to pipe to a command?

Question

I have a command that generates a secrets file that contains multiple yaml documents separated by --- that looks like the following output:

## THE COMMAND THAT RUNS
kubectl kustomize .

## SENDS THE FOLLOWING TO STDOUT
data:
  firebase-dev-credentials.json: |
    MY_BASE_64_CREDENTIALS
kind: Secret
metadata:
  name: nodejs-firebase-credentials-989t6dg7m2
type: Opaque
---
apiVersion: v1
data:
  AGENDA_DATABASE_URL: |
    MY_BASE_64_URL
kind: Secret
metadata:
  name: nodejs-secrets-c229fkh579
type: Opaque

Now, I have to pipe the yaml document to another command for processing, something like:

kubectl kustomize . | kubeseal

However, the kubeseal command does not accept multi-document yaml. So I figured I'd need to split the yaml by --- and send each individual document to the kubeseal command?

Using bash, what is the preferred approach to accomplish this task?

For example, I suppose I cannot do something simple like this as the stdout is multiline?

export IFS=";"
sentence="one;two;three"
for word in $sentence; do
  echo "$word"
done

Answer 1

If parsing with bash only,

x="$(kubectl kustomize .)"
while [[ -n "$x" ]]
do ary+=("${x%%---*}")
if [[ "$x" =~ --- ]]; then x="${x#*---}"; else x=''; fi
done
for yml in "${ary[@]}"; do kubeseal<<<"$yml"; done

Answer 2

Es every so often, there might be different solutions, but one way is:

IFS="" # retain front tabs
buf=""
while read line
do
    if [ "$line" == "---" ]
    then
        echo -e $buf | kubeseal
        buf=""
    else
        if [ "$buf" == "" ] # prevent empty first newline
        then
            buf="$line"
        else
            buf=$(echo "$buf\\n$line")
        fi
    fi
done < yml

# get last section
echo -e $buf | kubeseal

Answer 3

You can pipe through yq eval 'select(di == N)' to select out document N. But really, you wouldn't do this. You would include the already sealed data in your Kustomize config, it's not something you want to run automatically.