parse resource name before removing deleted secret

juanvallejo · juanvallejo · commit c0e6b17bba13 · 2017-10-23T14:43:46.000-04:00
Although unlinking deleted secrets from a serviceaccount is currently
supported, `oc secret unlink` failed to unlink a deleted secret if its
name was specified as secrets/deleted-secret-name.

This patch parses each secret's name, removing the &lt;secrets/&gt; segment
before appending it to a string set of removed secret names.
diff --git a/pkg/oc/cli/secrets/options.go b/pkg/oc/cli/secrets/options.go
@@ -6,6 +6,7 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
+	"strings"
 
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -98,11 +99,26 @@ func (o SecretOptions) GetServiceAccount() (*kapi.ServiceAccount, error) {
 func (o SecretOptions) GetSecretNames(secrets []*kapi.Secret) sets.String {
 	names := sets.String{}
 	for _, secret := range secrets {
-		names.Insert(secret.Name)
+		names.Insert(parseSecretName(secret.Name))
 	}
 	return names
 }
 
+// parseSecretName receives a resource name as either
+// <resource type> / <name> or <name> and returns only the resource <name>.
+func parseSecretName(name string) string {
+	segs := strings.Split(name, "/")
+	if len(segs) < 2 {
+		return name
+	}
+
+	if segs[0] == "secret" || segs[0] == "secrets" {
+		return segs[1]
+	}
+
+	return name
+}
+
 // GetMountSecretNames Get a list of the names of the mount secrets associated
 // with a service account
 func (o SecretOptions) GetMountSecretNames(serviceaccount *kapi.ServiceAccount) sets.String {
diff --git a/test/cmd/secrets.sh b/test/cmd/secrets.sh
@@ -84,6 +84,20 @@ os::cmd::expect_success 'oc secrets add deployer basicauth sshauth --for=pull'
 # make sure we can add as as pull secret and mount secret at once
 os::cmd::expect_success 'oc secrets add deployer basicauth sshauth --for=pull,mount'
 
+# attach secrets to service account
+# test that those secrets can be unlinked
+# after they have been deleted.
+os::cmd::expect_success 'oc create secret generic deleted-secret'
+os::cmd::expect_success 'oc secrets link deployer deleted-secret'
+# confirm our soon-to-be-deleted secret has been linked
+os::cmd::expect_success_and_text "oc get serviceaccount deployer -o jsonpath='{.secrets[?(@.name==\"deleted-secret\")]}'" 'deleted\-secret'
+os::cmd::expect_success 'oc get serviceaccounts/deployer -o yaml |grep -q deleted-secret'
+# delete "deleted-secret" and attempt to unlink from service account
+os::cmd::expect_success 'oc delete secret deleted-secret'
+os::cmd::expect_failure_and_text 'oc secrets unlink deployer secrets/deleted-secret' 'Unlinked deleted secrets'
+# ensure already-deleted secret has been unlinked
+os::cmd::expect_success_and_not_text "oc get serviceaccount deployer -o jsonpath='{.secrets[?(@.name==\"deleted-secret\")]}'" 'deleted\-secret'
+
 # attach secrets to service account
 # single secret with prefix
 os::cmd::expect_success 'oc secrets link deployer basicauth'
