Merge pull request #18253 from bparees/resolve_secret2

openshift-merge-robot · web-flow · commit 4f709b48f8e5 · 2018-01-25T07:26:53.000-08:00
Automatic merge from submit-queue. wait for default service account secrets before running build fixes https://bugzilla.redhat.com/show_bug.cgi?id=1333030
diff --git a/pkg/build/apis/build/types.go b/pkg/build/apis/build/types.go
@@ -544,7 +544,7 @@ const (
 	StatusMessageFailedContainer                 = "The pod for this build has at least one container with a non-zero exit status."
 	StatusMessageGenericBuildFailed              = "Generic Build failure - check logs for details."
 	StatusMessageUnresolvableEnvironmentVariable = "Unable to resolve build environment variable reference."
-	StatusMessageCannotRetrieveServiceAccount    = "Unable to look up the service account associated with this build."
+	StatusMessageCannotRetrieveServiceAccount    = "Unable to look up the service account secrets for this build."
 )
 
 // BuildStatusOutput contains the status of the built image.
diff --git a/pkg/build/controller/build/build_controller.go b/pkg/build/controller/build/build_controller.go
@@ -500,11 +500,23 @@ func (bc *BuildController) resolveImageSecretAsReference(build *buildapi.Build,
 	if err != nil {
 		return nil, fmt.Errorf("Error getting push/pull secrets for service account %s/%s: %v", build.Namespace, serviceAccount, err)
 	}
-	pushSecret := buildutil.FindDockerSecretAsReference(builderSecrets, imagename)
-	if pushSecret == nil {
+	secret := buildutil.FindDockerSecretAsReference(builderSecrets, imagename)
+	if secret == nil {
+		dockerSecretExists := false
+		for _, builderSecret := range builderSecrets {
+			if builderSecret.Type == kapi.SecretTypeDockercfg || builderSecret.Type == kapi.SecretTypeDockerConfigJson {
+				dockerSecretExists = true
+				break
+			}
+		}
+		// If there are no docker secrets associated w/ the service account, return an error so the build
+		// will be retried.  The secrets will be created shortly.
+		if !dockerSecretExists {
+			return nil, fmt.Errorf("No docker secrets associated with build service account %s", serviceAccount)
+		}
 		glog.V(4).Infof("No secrets found for pushing or pulling image named %s for build %s/%s", imagename, build.Namespace, build.Name)
 	}
-	return pushSecret, nil
+	return secret, nil
 }
 
 // resourceName creates a string that can be used to uniquely key the provided resource.
diff --git a/pkg/build/controller/build/build_controller_test.go b/pkg/build/controller/build/build_controller_test.go
@@ -456,7 +456,7 @@ func TestCreateBuildPodWithImageStreamOutput(t *testing.T) {
 	imageStreamRef := &kapi.ObjectReference{Name: "isname:latest", Namespace: "isnamespace", Kind: "ImageStreamTag"}
 	bc := newFakeBuildController(nil, imageClient, nil, nil)
 	defer bc.stop()
-	build := dockerStrategy(mockBuild(buildapi.BuildPhaseNew, buildapi.BuildOutput{To: imageStreamRef}))
+	build := dockerStrategy(mockBuild(buildapi.BuildPhaseNew, buildapi.BuildOutput{To: imageStreamRef, PushSecret: &kapi.LocalObjectReference{}}))
 	podName := buildapi.GetBuildPodName(build)
 
 	update, err := bc.createBuildPod(build)
@@ -479,7 +479,7 @@ func TestCreateBuildPodWithOutputImageStreamMissing(t *testing.T) {
 	imageStreamRef := &kapi.ObjectReference{Name: "isname:latest", Namespace: "isnamespace", Kind: "ImageStreamTag"}
 	bc := newFakeBuildController(nil, nil, nil, nil)
 	defer bc.stop()
-	build := dockerStrategy(mockBuild(buildapi.BuildPhaseNew, buildapi.BuildOutput{To: imageStreamRef}))
+	build := dockerStrategy(mockBuild(buildapi.BuildPhaseNew, buildapi.BuildOutput{To: imageStreamRef, PushSecret: &kapi.LocalObjectReference{}}))
 
 	update, err := bc.createBuildPod(build)
 
@@ -499,7 +499,7 @@ func TestCreateBuildPodWithImageStreamMissing(t *testing.T) {
 	imageStreamRef := &kapi.ObjectReference{Name: "isname:latest", Kind: "DockerImage"}
 	bc := newFakeBuildController(nil, nil, nil, nil)
 	defer bc.stop()
-	build := dockerStrategy(mockBuild(buildapi.BuildPhaseNew, buildapi.BuildOutput{To: imageStreamRef}))
+	build := dockerStrategy(mockBuild(buildapi.BuildPhaseNew, buildapi.BuildOutput{To: imageStreamRef, PushSecret: &kapi.LocalObjectReference{}}))
 	build.Spec.Strategy.DockerStrategy.From = &kapi.ObjectReference{Kind: "ImageStreamTag", Name: "isname:latest"}
 
 	update, err := bc.createBuildPod(build)
@@ -524,7 +524,7 @@ func TestCreateBuildPodWithImageStreamUnresolved(t *testing.T) {
 	imageStreamRef := &kapi.ObjectReference{Name: "isname:latest", Namespace: "isnamespace", Kind: "ImageStreamTag"}
 	bc := newFakeBuildController(nil, imageClient, nil, nil)
 	defer bc.stop()
-	build := dockerStrategy(mockBuild(buildapi.BuildPhaseNew, buildapi.BuildOutput{To: imageStreamRef}))
+	build := dockerStrategy(mockBuild(buildapi.BuildPhaseNew, buildapi.BuildOutput{To: imageStreamRef, PushSecret: &kapi.LocalObjectReference{}}))
 
 	update, err := bc.createBuildPod(build)
 

Original file line number	Diff line number	Diff line change
`@@ -544,7 +544,7 @@ const (`
`544`	`544`	`StatusMessageFailedContainer = "The pod for this build has at least one container with a non-zero exit status."`
`545`	`545`	`StatusMessageGenericBuildFailed = "Generic Build failure - check logs for details."`
`546`	`546`	`StatusMessageUnresolvableEnvironmentVariable = "Unable to resolve build environment variable reference."`
`547`		`- StatusMessageCannotRetrieveServiceAccount = "Unable to look up the service account associated with this build."`
	`547`	`+ StatusMessageCannotRetrieveServiceAccount = "Unable to look up the service account secrets for this build."`
`548`	`548`	`)`
`549`	`549`
`550`	`550`	`// BuildStatusOutput contains the status of the built image.`