Merge pull request #11403 from juanvallejo/jvallejo/prevent-validating-forbidden-secrets

OpenShift Bot · web-flow · commit 271fff843e57 · 2016-11-18T18:08:49.000-05:00
Merged by openshift-bot
diff --git a/pkg/api/kubegraph/nodes/nodes.go b/pkg/api/kubegraph/nodes/nodes.go
@@ -76,7 +76,11 @@ func EnsureSecretNode(g osgraph.MutableUniqueGraph, o *kapi.Secret) *SecretNode
 	return osgraph.EnsureUnique(g,
 		SecretNodeName(o),
 		func(node osgraph.Node) graph.Node {
-			return &SecretNode{node, o, true}
+			return &SecretNode{
+				Node:    node,
+				Secret:  o,
+				IsFound: true,
+			}
 		},
 	).(*SecretNode)
 }
@@ -85,7 +89,11 @@ func FindOrCreateSyntheticSecretNode(g osgraph.MutableUniqueGraph, o *kapi.Secre
 	return osgraph.EnsureUnique(g,
 		SecretNodeName(o),
 		func(node osgraph.Node) graph.Node {
-			return &SecretNode{node, o, false}
+			return &SecretNode{
+				Node:    node,
+				Secret:  o,
+				IsFound: false,
+			}
 		},
 	).(*SecretNode)
 }
diff --git a/pkg/cmd/cli/describe/projectstatus.go b/pkg/cmd/cli/describe/projectstatus.go
@@ -266,7 +266,7 @@ func (d *ProjectStatusDescriber) Describe(namespace, name string) (string, error
 
 		allMarkers := osgraph.Markers{}
 		allMarkers = append(allMarkers, createForbiddenMarkers(forbiddenResources)...)
-		for _, scanner := range getMarkerScanners(d.LogsCommandName, d.SecurityPolicyCommandFormat, d.SetProbeCommandName) {
+		for _, scanner := range getMarkerScanners(d.LogsCommandName, d.SecurityPolicyCommandFormat, d.SetProbeCommandName, forbiddenResources) {
 			allMarkers = append(allMarkers, scanner(g, f)...)
 		}
 
@@ -374,13 +374,19 @@ func createForbiddenMarkers(forbiddenResources sets.String) []osgraph.Marker {
 	return markers
 }
 
-func getMarkerScanners(logsCommandName, securityPolicyCommandFormat, setProbeCommandName string) []osgraph.MarkerScanner {
+func getMarkerScanners(logsCommandName, securityPolicyCommandFormat, setProbeCommandName string, forbiddenResources sets.String) []osgraph.MarkerScanner {
 	return []osgraph.MarkerScanner{
 		func(g osgraph.Graph, f osgraph.Namer) []osgraph.Marker {
 			return kubeanalysis.FindRestartingPods(g, f, logsCommandName, securityPolicyCommandFormat)
 		},
 		kubeanalysis.FindDuelingReplicationControllers,
-		kubeanalysis.FindMissingSecrets,
+		func(g osgraph.Graph, f osgraph.Namer) []osgraph.Marker {
+			// do not attempt to add markers for missing secrets if dealing with forbidden errors
+			if forbiddenResources.Has("secrets") {
+				return []osgraph.Marker{}
+			}
+			return kubeanalysis.FindMissingSecrets(g, f)
+		},
 		kubeanalysis.FindHPASpecsMissingCPUTargets,
 		kubeanalysis.FindHPASpecsMissingScaleRefs,
 		kubeanalysis.FindOverlappingHPAs,
