diff --git a/pkg/kinflate/commands/secret.go b/pkg/kinflate/commands/secret.go
index eeb05e256..343afedff 100644
--- a/pkg/kinflate/commands/secret.go
+++ b/pkg/kinflate/commands/secret.go
@@ -75,6 +75,26 @@ func newCmdAddSecretGeneric(errOut io.Writer, fsys fs.FileSystem) *cobra.Command
 return cmd
 }
+// NewCmdAddSecret returns a new Cobra command that wraps generic and tls secrets.
+func NewCmdAddSecret(errOut io.Writer) *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "secret",
+ Short: "Adds a secret using specified subcommand",
+ Example: `
+ # Adds a generic secret to the Manifest (with a specified key)
+ kinflate secret generic my-secret --from-file=my-key=file/path --from-literal=my-literal=12345
+
+ # Adds a TLS secret to the Manifest (with a specified key)
+ kinflate secret tls my-tls-secret --cert=cert/path.cert --key=key/path.key
+`,
+ }
+ fsys := fs.MakeRealFS()
+ cmd.AddCommand(newCmdAddSecretGeneric(errOut, fsys))
+ cmd.AddCommand(newCmdAddSecretTLS(errOut, fsys))
+
+ return cmd
+}
+
 func addGenericSecret(m *manifest.Manifest, config dataConfig) error {
 gs := getOrCreateGenericSecret(m, config.Name)
@@ -130,7 +150,7 @@ func (a *addTLSSecret) Validate(args []string) error {
 }
 // newCmdCreateSecretTLS is a macro command for creating secrets to work with Docker registries
-func newCmdAddSecretTLS(errOut io.Writer) *cobra.Command {
+func newCmdAddSecretTLS(errOut io.Writer, fsys fs.FileSystem) *cobra.Command {
 var config addTLSSecret
 cmd := &cobra.Command{
 Use: "tls NAME --cert=path/to/cert/file --key=path/to/key/file",
@@ -146,8 +166,18 @@ func newCmdAddSecretTLS(errOut io.Writer) *cobra.Command {
 return err
 }
- // TODO(apelisse,droot): Do something with that config.
- return nil
+ loader := kutil.ManifestLoader{FS: fsys}
+ m, err := loader.Read(constants.KubeManifestFileName)
+ if err != nil {
+ return err
+ }
+
+ err = addTLSSecretToManifest(m, config)
+ if err != nil {
+ return err
+ }
+
+ return loader.Write(constants.KubeManifestFileName, m)
 },
 }
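Review bot: The doc comment on the context line directly above the changed `newCmdAddSecretTLS` signature (the `-130,7 +150,7` hunk) still names `newCmdCreateSecretTLS` and talks about Docker registries, which matches neither the function name nor the `tls NAME --cert=... --key=...` usage string visible in the hunk. Since the signature is being touched anyway, the comment could become `// newCmdAddSecretTLS returns the "tls" subcommand, which adds a TLS secret (certificate and key file paths) to the manifest through fsys.` The function body continues outside this hunk.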
@@ -157,21 +187,35 @@ func newCmdAddSecretTLS(errOut io.Writer) *cobra.Command {
 return cmd
 }
-// NewCmdAddSecret returns a new Cobra command that wraps generic and tls secrets.
-func NewCmdAddSecret(errOut io.Writer) *cobra.Command {
- cmd := &cobra.Command{
- Use: "secret",
- Short: "Adds a secret using specified subcommand",
- Example: `
- # Adds a generic secret to the Manifest (with a specified key)
- kinflate secret generic my-secret --from-file=my-key=file/path --from-literal=my-literal=12345
+// addTLSSecretToManifest appends the TLS secret to the manifest, or returns
+// an error if the secret already exists.
+func addTLSSecretToManifest(m *manifest.Manifest, a addTLSSecret) error {
- # Adds a TLS secret to the Manifest (with a specified key)
- kinflate secret tls my-tls-secret --cert=cert/path.cert --key=key/path.key
-`,
+ if tlsSecretExists(m, a.Name) {
+ return fmt.Errorf("TLS Secret already exists")
 }
- cmd.AddCommand(newCmdAddSecretGeneric(errOut, fs.MakeRealFS()))
- cmd.AddCommand(newCmdAddSecretTLS(errOut))
- return cmd
+ tls := manifest.TLSSecret{
+ Name: a.Name,
+ CertFile: a.Cert,
+ KeyFile: a.Key,
+ }
+ m.TLSSecrets = append(m.TLSSecrets, tls)
+
+ // Validate manifest's TLS secret by creating a TLS secret.
+ _, _, err := configmapandsecret.MakeTLSSecretAndGenerateName(tls)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func tlsSecretExists(m *manifest.Manifest, name string) bool {
+ for _, s := range m.TLSSecrets {
+ if name == s.Name {
+ return true
+ }
+ }
+ return false
 }
diff --git a/pkg/kinflate/commands/secret_test.go b/pkg/kinflate/commands/secret_test.go
index fcba5c6cc..b07876b38 100644
--- a/pkg/kinflate/commands/secret_test.go
+++ b/pkg/kinflate/commands/secret_test.go
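Review bot: In `addTLSSecretToManifest` (secret.go) the new entry is appended to `m.TLSSecrets` before `MakeTLSSecretAndGenerateName` has accepted it, so a failed validation returns an error but leaves the rejected secret in the caller's manifest. The RunE caller in this commit returns before `loader.Write`, so nothing is persisted on that path, but any other caller that keeps using `m` after the error would carry the invalid entry. Moving `m.TLSSecrets = append(m.TLSSecrets, tls)` below the `if err != nil { return err }` check keeps the manifest unchanged on failure. The duplicate error would also be easier to act on if it named the secret, e.g. `fmt.Errorf("TLS secret %q already exists", a.Name)`.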
@@ -31,34 +31,57 @@ func TestNewAddSecretIsNotNil(t *testing.T) {
 func TestGetOrCreateGenericSecret(t *testing.T) {
 gsName := "test-generic-secret"
- manifest := &manifest.Manifest{
+ m := &manifest.Manifest{
 NamePrefix: "test-name-prefix",
 }
- if len(manifest.GenericSecrets) != 0 {
+ if len(m.GenericSecrets) != 0 {
 t.Fatal("Initial manifest should not have any genericsecrets")
 }
- gs := getOrCreateGenericSecret(manifest, gsName)
+ gs := getOrCreateGenericSecret(m, gsName)
 if gs == nil {
 t.Fatalf("GenericSecret should always be non-nil")
 }
- if len(manifest.GenericSecrets) != 1 {
+ if len(m.GenericSecrets) != 1 {
 t.Fatalf("Manifest should have newly created generic secret")
 }
- if &manifest.GenericSecrets[len(manifest.GenericSecrets)-1] != gs {
+ if &m.GenericSecrets[len(m.GenericSecrets)-1] != gs {
 t.Fatalf("Pointer address for newly inserted generic secret should be same")
 }
- existingGS := getOrCreateGenericSecret(manifest, gsName)
-
+ existingGS := getOrCreateGenericSecret(m, gsName)
 if existingGS != gs {
 t.Fatalf("should have returned an existing generic secret with name: %v", gsName)
 }
- if len(manifest.GenericSecrets) != 1 {
+ if len(m.GenericSecrets) != 1 {
 t.Fatalf("Should not insert generic secret for an existing name: %v", gsName)
 }
 }
+
+func TestTLSecretExists(t *testing.T) {
+ tlsName := "test-tls-secret"
+
+ m := &manifest.Manifest{
+ NamePrefix: "test-name-prefix",
+ }
+
+ if len(m.TLSSecrets) != 0 {
+ t.Fatal("Initial manifest should not have any TLS secrets")
+ }
+ if tlsSecretExists(m, tlsName) {
+ t.Fatalf("TLS Secret should not exist in manifest")
+ }
+
+ m.TLSSecrets = append(m.TLSSecrets, manifest.TLSSecret{Name: tlsName})
+
+ if len(m.TLSSecrets) != 1 {
+ t.Fatal("Manifest should have one TLS secrets")
+ }
+ if !tlsSecretExists(m, tlsName) {
+ t.Fatalf("One TLS Secret should exist in manifest")
+ }
+}
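Review bot: Nothing in this hunk exercises `addTLSSecretToManifest`, so the duplicate-name rejection added in secret.go is untested; the new `TestTLSecretExists` covers only the lookup helper. A test that seeds the manifest with one TLS secret and asserts that a second add with the same name returns an error and leaves `m.TLSSecrets` at length one would pin that behavior, as sketched below. The test name also looks like a typo for `TestTLSSecretExists`.

```go
func TestAddTLSSecretToManifestRejectsDuplicate(t *testing.T) {
	tlsName := "test-tls-secret"
	m := &manifest.Manifest{
		TLSSecrets: []manifest.TLSSecret{{Name: tlsName}},
	}

	if err := addTLSSecretToManifest(m, addTLSSecret{Name: tlsName}); err == nil {
		t.Fatal("adding a TLS secret with an existing name should return an error")
	}
	if len(m.TLSSecrets) != 1 {
		t.Fatalf("manifest should still hold one TLS secret, got %d", len(m.TLSSecrets))
	}
}
```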