parse resource name before removing deleted secret

Although unlinking deleted secrets from a serviceaccount is currently supported, `oc secret unlink` failed to unlink a deleted secret if its name was specified as secrets/deleted-secret-name. This patch parses each secret's name, removing the <secrets/> segment before appending it to a string set of removed secret names.
openshift · Oct 23, 2017 · cd1ce5b · cd1ce5b
1 parent 337ee95
commit cd1ce5b
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 1 deletion.
diff --git a/pkg/oc/cli/secrets/options.go b/pkg/oc/cli/secrets/options.go
@@ -6,6 +6,7 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
+	"strings"
 
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -98,11 +99,22 @@ func (o SecretOptions) GetServiceAccount() (*kapi.ServiceAccount, error) {
 func (o SecretOptions) GetSecretNames(secrets []*kapi.Secret) sets.String {
 	names := sets.String{}
 	for _, secret := range secrets {
-		names.Insert(secret.Name)
+		names.Insert(parseResourceName(secret.Name))
 	}
 	return names
 }
 
+// parseResourceName receives either a resource name as either
+// <resource type> / <name> or <name> and returns only the resource <name>.
+func parseResourceName(name string) string {
+	segs := strings.Split(name, "/")
+	if len(segs) < 2 {
+		return name
+	}
+
+	return segs[1]
+}
+
 // GetMountSecretNames Get a list of the names of the mount secrets associated
 // with a service account
 func (o SecretOptions) GetMountSecretNames(serviceaccount *kapi.ServiceAccount) sets.String {

diff --git a/test/cmd/secrets.sh b/test/cmd/secrets.sh
@@ -84,6 +84,19 @@ os::cmd::expect_success 'oc secrets add deployer basicauth sshauth --for=pull'
 # make sure we can add as as pull secret and mount secret at once
 os::cmd::expect_success 'oc secrets add deployer basicauth sshauth --for=pull,mount'
 
+# attach secrets to service account
+# test that those secrets can be unlinked
+# after they have been deleted.
+os::cmd::expect_success 'oc create secret generic deleted-secret'
+os::cmd::expect_success 'oc secrets link deployer deleted-secret'
+# confirm our soon-to-be-deleted secret has been linked
+os::cmd::expect_success 'oc get serviceaccounts/deployer -o yaml |grep -q deleted-secret'
+# delete "deleted-secret" and attempt to unlink from service account
+os::cmd::expect_success 'oc delete secret deleted-secret'
+os::cmd::expect_failure_and_text 'oc secrets unlink deployer secrets/deleted-secret' 'Unlinked deleted secrets'
+# ensure already-deleted secret has been unlinked
+os::cmd::expect_failure 'oc get serviceaccounts/deployer -o yaml |grep -q deleted-secret'
+
 # attach secrets to service account
 # single secret with prefix
 os::cmd::expect_success 'oc secrets link deployer basicauth'