Browse code
Merge pull request #5735 from deads2k/allow-secret-types
- contrib/completions/bash/oc
- contrib/completions/bash/openshift
- pkg/cmd/cli/secrets/new.go
- test/cmd/secrets.sh
| ... | ... |
@@ -62,6 +62,8 @@ type CreateSecretOptions struct {
|
| 62 | 62 |
|
| 63 | 63 |
// Controls whether to output warnings |
| 64 | 64 |
Quiet bool |
| 65 |
+ |
|
| 66 |
+ AllowUnknownTypes bool |
|
| 65 | 67 |
} |
| 66 | 68 |
|
| 67 | 69 |
func NewCmdCreateSecret(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command {
|
| ... | ... |
@@ -96,6 +98,7 @@ func NewCmdCreateSecret(name, fullName string, f *clientcmd.Factory, out io.Writ |
| 96 | 96 |
} |
| 97 | 97 |
|
| 98 | 98 |
cmd.Flags().BoolVarP(&options.Quiet, "quiet", "q", options.Quiet, "Suppress warnings") |
| 99 |
+ cmd.Flags().BoolVar(&options.AllowUnknownTypes, "confirm", options.AllowUnknownTypes, "Allow unknown secret types.") |
|
| 99 | 100 |
cmd.Flags().StringVar(&options.SecretTypeName, "type", "", "The type of secret") |
| 100 | 101 |
cmdutil.AddPrinterFlags(cmd) |
| 101 | 102 |
|
| ... | ... |
@@ -143,18 +146,22 @@ func (o *CreateSecretOptions) Validate() error {
|
| 143 | 143 |
return errors.New("at least one source file or directory must be specified")
|
| 144 | 144 |
} |
| 145 | 145 |
|
| 146 |
-nameCheck: |
|
| 147 |
- switch o.SecretTypeName {
|
|
| 148 |
- case string(kapi.SecretTypeOpaque), "": |
|
| 149 |
- // this is ok |
|
| 150 |
- default: |
|
| 151 |
- // TODO this probably isn't a good idea. It limits the power of this command. Maybe allow unknown names with a force? |
|
| 152 |
- for _, secretType := range KnownSecretTypes {
|
|
| 153 |
- if o.SecretTypeName == string(secretType.Type) {
|
|
| 154 |
- break nameCheck |
|
| 146 |
+ if !o.AllowUnknownTypes {
|
|
| 147 |
+ switch o.SecretTypeName {
|
|
| 148 |
+ case string(kapi.SecretTypeOpaque), "": |
|
| 149 |
+ // this is ok |
|
| 150 |
+ default: |
|
| 151 |
+ found := false |
|
| 152 |
+ for _, secretType := range KnownSecretTypes {
|
|
| 153 |
+ if o.SecretTypeName == string(secretType.Type) {
|
|
| 154 |
+ found = true |
|
| 155 |
+ break |
|
| 156 |
+ } |
|
| 157 |
+ } |
|
| 158 |
+ if !found {
|
|
| 159 |
+ return fmt.Errorf("unknown secret type %q; use --confirm to use it anyway", o.SecretTypeName)
|
|
| 155 | 160 |
} |
| 156 | 161 |
} |
| 157 |
- return fmt.Errorf("unknown secret type: %v", o.SecretTypeName)
|
|
| 158 | 162 |
} |
| 159 | 163 |
|
| 160 | 164 |
return nil |
| ... | ... |
@@ -10,6 +10,9 @@ source "${OS_ROOT}/hack/cmd_util.sh"
|
| 10 | 10 |
os::log::install_errexit |
| 11 | 11 |
|
| 12 | 12 |
# This test validates secret interaction |
| 13 |
+[ "$(oc secrets new foo --type=blah makefile=Makefile 2>&1 | grep 'error: unknown secret type "blah"')" ] |
|
| 14 |
+oc secrets new foo --type=blah makefile=Makefile --confirm |
|
| 15 |
+oc get secrets/foo -o jsonpath={.type} | grep 'blah'
|
|
| 13 | 16 |
|
| 14 | 17 |
os::cmd::expect_success 'oc secrets new-dockercfg dockercfg --docker-username=sample-user --docker-password=sample-password --docker-email=fake@example.org' |
| 15 | 18 |
# can't use a go template here because the output needs to be base64 decoded. base64 isn't installed by default in all distros |