diff --git a/pkg/oc/cli/secrets/options.go b/pkg/oc/cli/secrets/options.go index c5a25f509f83..6b0d0c382ed1 100644 --- a/pkg/oc/cli/secrets/options.go +++ b/pkg/oc/cli/secrets/options.go @@ -6,6 +6,7 @@ import ( "io" "io/ioutil" "os" + "strings" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -98,11 +99,26 @@ func (o SecretOptions) GetServiceAccount() (*kapi.ServiceAccount, error) { func (o SecretOptions) GetSecretNames(secrets []*kapi.Secret) sets.String { names := sets.String{} for _, secret := range secrets { - names.Insert(secret.Name) + names.Insert(parseSecretName(secret.Name)) } return names } +// parseSecretName receives a resource name as either +// / or and returns only the resource . +func parseSecretName(name string) string { + segs := strings.Split(name, "/") + if len(segs) < 2 { + return name + } + + if segs[0] == "secret" || segs[0] == "secrets" { + return segs[1] + } + + return name +} + // GetMountSecretNames Get a list of the names of the mount secrets associated // with a service account func (o SecretOptions) GetMountSecretNames(serviceaccount *kapi.ServiceAccount) sets.String { diff --git a/test/cmd/secrets.sh b/test/cmd/secrets.sh index 0a32b1c57257..01edb852e28f 100755 --- a/test/cmd/secrets.sh +++ b/test/cmd/secrets.sh @@ -84,6 +84,20 @@ os::cmd::expect_success 'oc secrets add deployer basicauth sshauth --for=pull' # make sure we can add as as pull secret and mount secret at once os::cmd::expect_success 'oc secrets add deployer basicauth sshauth --for=pull,mount' +# attach secrets to service account +# test that those secrets can be unlinked +# after they have been deleted. +os::cmd::expect_success 'oc create secret generic deleted-secret' +os::cmd::expect_success 'oc secrets link deployer deleted-secret' +# confirm our soon-to-be-deleted secret has been linked +os::cmd::expect_success_and_text "oc get serviceaccount deployer -o jsonpath='{.secrets[?(@.name==\"deleted-secret\")]}'" 'deleted\-secret' +os::cmd::expect_success 'oc get serviceaccounts/deployer -o yaml |grep -q deleted-secret' +# delete "deleted-secret" and attempt to unlink from service account +os::cmd::expect_success 'oc delete secret deleted-secret' +os::cmd::expect_failure_and_text 'oc secrets unlink deployer secrets/deleted-secret' 'Unlinked deleted secrets' +# ensure already-deleted secret has been unlinked +os::cmd::expect_success_and_not_text "oc get serviceaccount deployer -o jsonpath='{.secrets[?(@.name==\"deleted-secret\")]}'" 'deleted\-secret' + # attach secrets to service account # single secret with prefix os::cmd::expect_success 'oc secrets link deployer basicauth'