Merge pull request #119589 from carlory/fix-kubectl-1439

fix unusable secret manifest for type docker-registry Kubernetes-commit: d1b2490c80fd5c3e0d90598477f62a70d8099bb2
2024-04-19 11:44:48 -07:00 · 2024-04-19 11:44:48 -07:00 · 04bb64c802
parent 389b2eeaf6 7f19a8d4f7
commit 04bb64c802
4 changed files with 104 additions and 17 deletions
--- a/go.mod
+++ b/go.mod
@ -30,15 +30,15 @@ require (
 	github.com/stretchr/testify v1.8.4
 	golang.org/x/sys v0.18.0
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.0.0-20240418133400-98d0c7a1b77e
-	k8s.io/apimachinery v0.0.0-20240418133208-ea31e5150286
+	k8s.io/api v0.0.0-20240418173402-5975d5e5bda6
+	k8s.io/apimachinery v0.0.0-20240418133208-0ee3e6150890
 	k8s.io/cli-runtime v0.0.0-20240404041703-9ad5569b61bc
-	k8s.io/client-go v0.0.0-20240418173638-506bc538e679
+	k8s.io/client-go v0.0.0-20240418173639-b1c1c0345d1d
 	k8s.io/component-base v0.0.0-20240418094434-57ba0489bfa6
 	k8s.io/component-helpers v0.0.0-20240404040358-dc3c4990ec39
 	k8s.io/klog/v2 v2.120.1
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340
-	k8s.io/metrics v0.0.0-20240418015151-b895691471d2
+	k8s.io/metrics v0.0.0-20240418175733-b6f9651872fa
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd
 	sigs.k8s.io/kustomize/kustomize/v5 v5.0.4-0.20230601165947-6ce0bf390ce3
@ -94,8 +94,3 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
 )
-
-replace (
-	k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20240418133208-0ee3e6150890
-	k8s.io/code-generator => k8s.io/code-generator v0.0.0-20240418134157-4c3e41ed1361
-)
--- a/go.sum
+++ b/go.sum
@ -276,14 +276,14 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.0.0-20240418133400-98d0c7a1b77e h1:aMC4qrBMfXPVWNvK5a9JWrPqAYF7IqaEil4veyTpq14=
-k8s.io/api v0.0.0-20240418133400-98d0c7a1b77e/go.mod h1:aiyYpZwHjPqNTHVIbcUReEDsDv1bLzwNhSENZpETJiA=
+k8s.io/api v0.0.0-20240418173402-5975d5e5bda6 h1:iIqllpQqao2EVRqwEYv4PrT5rNpARgSjIvduHLbUhiQ=
+k8s.io/api v0.0.0-20240418173402-5975d5e5bda6/go.mod h1:aiyYpZwHjPqNTHVIbcUReEDsDv1bLzwNhSENZpETJiA=
 k8s.io/apimachinery v0.0.0-20240418133208-0ee3e6150890 h1:QnCWgLriYnSGYNYeDsMidsvvh4zidzUylhjQeKRajk4=
 k8s.io/apimachinery v0.0.0-20240418133208-0ee3e6150890/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
 k8s.io/cli-runtime v0.0.0-20240404041703-9ad5569b61bc h1:a12ozjrLRSgKfGuGr0tFr7Aw+jheNPDo6jh/Y1AOkhU=
 k8s.io/cli-runtime v0.0.0-20240404041703-9ad5569b61bc/go.mod h1:XYjtKcGQuoX/UlaQtuRlfn9WIdSSrwDwKAkUx4OdbTk=
-k8s.io/client-go v0.0.0-20240418173638-506bc538e679 h1:x9oHiNTs/lrzJfkaybVyLxt1PFp12Gc40AwXvF1VNRs=
-k8s.io/client-go v0.0.0-20240418173638-506bc538e679/go.mod h1:d+DhvLYByKBJBwanqBYpznH6zR4aeyALOnos5TJnNQA=
+k8s.io/client-go v0.0.0-20240418173639-b1c1c0345d1d h1:FZAH79p0pGyUcq/HV/wJZWh9P4IoGV+oC09Mn7qAj/I=
+k8s.io/client-go v0.0.0-20240418173639-b1c1c0345d1d/go.mod h1:d+DhvLYByKBJBwanqBYpznH6zR4aeyALOnos5TJnNQA=
 k8s.io/component-base v0.0.0-20240418094434-57ba0489bfa6 h1:ZdeuYrtChorFLu6yEbUE48mY6xXc/gkTqd5BFenIAyk=
 k8s.io/component-base v0.0.0-20240418094434-57ba0489bfa6/go.mod h1:sJI0btwpLHRQW24fjrxPwCC8dPfDnLT5Zjjvo1E3BeA=
 k8s.io/component-helpers v0.0.0-20240404040358-dc3c4990ec39 h1:yFNJtVS8DolGRhcPad11SVhYrhkuZnvt/UH78jHUpjs=
@ -292,8 +292,8 @@ k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/metrics v0.0.0-20240418015151-b895691471d2 h1:8t+fm49iESk7KyRtZthdbk/bgapb69xsv0WCY99tbHw=
-k8s.io/metrics v0.0.0-20240418015151-b895691471d2/go.mod h1:6BtBw4dYxgGd9MpdyJ/0Qmy9jFJ1+9pWoKM2z+xXB+g=
+k8s.io/metrics v0.0.0-20240418175733-b6f9651872fa h1:bcDw4On9OXBmEydsk4nz2dUXD3fftSjku0DSNJmJNU8=
+k8s.io/metrics v0.0.0-20240418175733-b6f9651872fa/go.mod h1:IjaG4wVwF79Z6yrFQLlVbVYPjVvtOT6hm8dVyTQvdkk=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
--- a/pkg/cmd/create/create_secret_docker.go
+++ b/pkg/cmd/create/create_secret_docker.go
@ -21,6 +21,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"strings"

 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
@ -58,7 +59,7 @@ var (
 		  kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

 		  # Create a new secret named my-secret from ~/.docker/config.json
-		  kubectl create secret docker-registry my-secret --from-file=.dockerconfigjson=path/to/.docker/config.json`))
+		  kubectl create secret docker-registry my-secret --from-file=path/to/.docker/config.json`))
 )

 // DockerConfigJSON represents a local docker auth config file
@ -152,7 +153,11 @@ func NewCmdCreateSecretDockerRegistry(f cmdutil.Factory, ioStreams genericioopti
 	cmd.Flags().StringVar(&o.Email, "docker-email", o.Email, i18n.T("Email for Docker registry"))
 	cmd.Flags().StringVar(&o.Server, "docker-server", o.Server, i18n.T("Server location for Docker registry"))
 	cmd.Flags().BoolVar(&o.AppendHash, "append-hash", o.AppendHash, "Append a hash of the secret to its name.")
-	cmd.Flags().StringSliceVar(&o.FileSources, "from-file", o.FileSources, "Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used.  Specifying a directory will iterate each named file in the directory that is a valid secret key.")
+	cmd.Flags().StringSliceVar(&o.FileSources, "from-file", o.FileSources, "Key files can be specified using their file path, "+
+		"in which case a default name of "+corev1.DockerConfigJsonKey+" will be given to them, "+
+		"or optionally with a name and file path, in which case the given name will be used. "+
+		"Specifying a directory will iterate each named file in the directory that is a valid secret key. "+
+		"For this command, the key should always be "+corev1.DockerConfigJsonKey+".")

 	cmdutil.AddFieldManagerFlagVar(cmd, &o.FieldManager, "kubectl-create")

@ -204,6 +209,11 @@ func (o *CreateSecretDockerRegistryOptions) Complete(f cmdutil.Factory, cmd *cob
 		return err
 	}

+	for i := range o.FileSources {
+		if !strings.Contains(o.FileSources[i], "=") {
+			o.FileSources[i] = corev1.DockerConfigJsonKey + "=" + o.FileSources[i]
+		}
+	}
 	return nil
 }

--- a/pkg/cmd/create/create_secret_docker_test.go
+++ b/pkg/cmd/create/create_secret_docker_test.go
@ -17,11 +17,16 @@ limitations under the License.
 package create

 import (
+	"encoding/json"
+	"fmt"
+	"os"
 	"testing"

 	corev1 "k8s.io/api/core/v1"
 	apiequality "k8s.io/apimachinery/pkg/api/equality"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/cli-runtime/pkg/genericiooptions"
+	cmdtesting "k8s.io/kubectl/pkg/cmd/testing"
 )

 func TestCreateSecretDockerRegistry(t *testing.T) {
@ -183,3 +188,80 @@ func TestCreateSecretDockerRegistry(t *testing.T) {
 		})
 	}
 }
+
+func TestCreateSecretDockerRegistryFromFile(t *testing.T) {
+	username, password, email, server := "test-user", "test-password", "test-user@example.org", "https://index.docker.io/v1/"
+	secretData, err := handleDockerCfgJSONContent(username, password, email, server)
+	if err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
+	secret := &corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: corev1.SchemeGroupVersion.String(),
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "foo",
+		},
+		Type: corev1.SecretTypeDockerConfigJson,
+		Data: map[string][]byte{
+			corev1.DockerConfigJsonKey: secretData,
+		},
+	}
+
+	tests := map[string]struct {
+		withKey  bool
+		expected *corev1.Secret
+	}{
+		"create_secret_docker_registry_from_file_with_keyname": {
+			withKey:  true,
+			expected: secret,
+		},
+		"create_secret_docker_registry_from_file_without_keyname": {
+			withKey:  false,
+			expected: secret,
+		},
+	}
+
+	// Run all the tests
+	for name, test := range tests {
+		t.Run(name, func(t *testing.T) {
+			tmp, _ := os.MkdirTemp("", "input")
+			defer func() {
+				err := os.RemoveAll(tmp)
+				if err != nil {
+					t.Fatalf("Failed to teardown: %s", err)
+				}
+			}()
+			dockerCfgFile := tmp + "/dockerconfig.json"
+			err := os.WriteFile(dockerCfgFile, secretData, 0644)
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+
+			tf := cmdtesting.NewTestFactory()
+			defer tf.Cleanup()
+			ioStreams, _, out, _ := genericiooptions.NewTestIOStreams()
+			cmd := NewCmdCreateSecretDockerRegistry(tf, ioStreams)
+			args := []string{"foo", "--dry-run=client", "-ojson"}
+			if test.withKey {
+				args = append(args, fmt.Sprintf("--from-file=%s=%s", corev1.DockerConfigJsonKey, dockerCfgFile))
+			} else {
+				args = append(args, fmt.Sprintf("--from-file=%s", dockerCfgFile))
+			}
+			cmd.SetArgs(args)
+			err = cmd.Execute()
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+			got := &corev1.Secret{}
+			err = json.Unmarshal(out.Bytes(), got)
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+			if !apiequality.Semantic.DeepEqual(got, test.expected) {
+				t.Errorf("test %s\n expected:\n%#v\ngot:\n%#v", name, test.expected, got)
+			}
+		})
+	}
+}