diff --git a/kustomize/commands/edit/remove/all.go b/kustomize/commands/edit/remove/all.go index 016ace963..12c1ea94c 100644 --- a/kustomize/commands/edit/remove/all.go +++ b/kustomize/commands/edit/remove/all.go @@ -25,6 +25,9 @@ func NewCmdRemove( # Removes one or more configmap from the kustomization file kustomize edit remove configmap {name1},{name2} + # Removes one or more secret from the kustomization file + kustomize edit remove secret {name1},{name2} + # Removes one or more patches from the kustomization file kustomize edit remove patch --path {filepath} --group {target group name} --version {target version} @@ -41,6 +44,7 @@ func NewCmdRemove( } c.AddCommand( newCmdRemoveConfigMap(fSys), + newCmdRemoveSecret(fSys), newCmdRemoveResource(fSys), newCmdRemoveLabel(fSys, v.MakeLabelNameValidator()), newCmdRemoveAnnotation(fSys, v.MakeAnnotationNameValidator()), diff --git a/kustomize/commands/edit/remove/removesecret.go b/kustomize/commands/edit/remove/removesecret.go new file mode 100644 index 000000000..62cf73998 --- /dev/null +++ b/kustomize/commands/edit/remove/removesecret.go 
@@ -0,0 +1,92 @@
+// Copyright 2019 The Kubernetes Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package remove
+
+import (
+ "errors"
+ "fmt"
+ "log"
+ "strings"
+
+ "github.com/spf13/cobra"
+ "sigs.k8s.io/kustomize/api/konfig"
+ "sigs.k8s.io/kustomize/api/types"
+ "sigs.k8s.io/kustomize/kustomize/v4/commands/internal/kustfile"
+ "sigs.k8s.io/kustomize/kyaml/filesys"
+)
+
+type removeSecretOptions struct {
+ secretNamesToRemove []string
+}
+
+// newCmdRemoveSecret remove the name of a file containing a secret to the kustomization file.
+func newCmdRemoveSecret(fSys filesys.FileSystem) *cobra.Command {
+ var o removeSecretOptions
+
+ cmd := &cobra.Command{
+ Use: "secret",
+ Short: "Removes specified secret" +
+ konfig.DefaultKustomizationFileName(),
+ Example: `
+ remove secret my-secret
+ `,
+ RunE: func(cmd *cobra.Command, args []string) error {
+ err := o.Validate(args)
+ if err != nil {
+ return err
+ }
+ return o.RunRemoveSecret(fSys)
+ },
+ }
+ return cmd
+}
+
+// Validate validates removeSecret command.
+func (o *removeSecretOptions) Validate(args []string) error {
+ if len(args) == 0 {
+ return errors.New("must specify a Secret name")
+ }
+ if len(args) > 1 {
+ return fmt.Errorf("too many arguments: %s; to provide multiple Secrets to remove, please separate Secret names by commas", args)
+ }
+ o.secretNamesToRemove = strings.Split(args[0], ",")
+ return nil
+}
+
+// RunRemoveSecret runs Secret command (do real work).
+func (o *removeSecretOptions) RunRemoveSecret(fSys filesys.FileSystem) error {
+ mf, err := kustfile.NewKustomizationFile(fSys)
+ if err != nil {
+ return fmt.Errorf("could not read kustomization file: %w", err)
+ }
+
+ m, err := mf.Read()
+ if err != nil {
+ return fmt.Errorf("could not read kustomization file: %w", err)
+ }
+
+ foundSecrets := make(map[string]struct{})
+
+ newSecrets := make([]types.SecretArgs, 0, len(m.SecretGenerator))
+ for _, currentSecret := range m.SecretGenerator {
+ if kustfile.StringInSlice(currentSecret.Name, o.secretNamesToRemove) {
+ foundSecrets[currentSecret.Name] = struct{}{}
+ continue
+ }
+ newSecrets = append(newSecrets, currentSecret)
+ }
+
+ for _, name := range o.secretNamesToRemove {
+ if _, found := foundSecrets[name]; !found {
+ log.Printf("secret %s doesn't exist in kustomization file", name)
+ }
+ }
+ m.SecretGenerator = newSecrets
+
+ err = mf.Write(m)
+ if err != nil {
+ return fmt.Errorf("secret cannot write back to file, got %w", err)
+ }
+ return nil
+}
diff --git a/kustomize/commands/edit/remove/removesecret_test.go b/kustomize/commands/edit/remove/removesecret_test.go
new file mode 100644
index 000000000..9990e5a1d
--- /dev/null
+++ b/kustomize/commands/edit/remove/removesecret_test.go
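Review bot: In removesecret.go, RunRemoveSecret only logs when a requested name is not in `secretGenerator` and then returns nil, so a mistyped name leaves the secret generator in the kustomization while the command still succeeds; a script meant to drop a secret would not notice. Consider failing when nothing matched, e.g. `if len(foundSecrets) == 0 { return errors.New("no specified secret(s) were found in the kustomization file") }` before `mf.Write(m)`, with the "miss" test case updated to expect that error. Matching is on `Name` alone, so if several generator entries can share a name (presumably across namespaces; confirm against types.SecretArgs) all of them are removed. Separately, `Short` joins "Removes specified secret" directly to the default kustomization file name with no " from " in between, and the doc comment on newCmdRemoveSecret still describes adding a file rather than removing a secret generator.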
@@ -0,0 +1,84 @@
+// Copyright 2019 The Kubernetes Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package remove //nolint:testpackage
+
+import (
+ "fmt"
+ "strings"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ testutils_test "sigs.k8s.io/kustomize/kustomize/v4/commands/internal/testutils"
+ "sigs.k8s.io/kustomize/kyaml/filesys"
+)
+
+func TestRemoveSecret(t *testing.T) {
+ const secretName01 = "example-secret-01"
+ const secretName02 = "example-secret-02"
+
+ tests := map[string]struct {
+ input string
+ args []string
+ expectedErr string
+ }{
+ "happy path": {
+ input: fmt.Sprintf(`
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+secretGenerator:
+- name: %s
+ files:
+ - longsecret.txt
+`, secretName01),
+ args: []string{secretName01},
+ },
+ "multiple": {
+ input: fmt.Sprintf(`
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+secretGenerator:
+- name: %s
+ files:
+ - longsecret.txt
+- name: %s
+ files:
+ - longsecret.txt
+`, secretName01, secretName02),
+ args: []string{
+ fmt.Sprintf("%s,%s", secretName01, secretName02),
+ },
+ },
+ "miss": {
+ input: fmt.Sprintf(`
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+secretGenerator:
+- name: %s
+ files:
+ - longsecret.txt
+`, secretName01),
+ args: []string{"foo"},
+ },
+ }
+
+ for name, tc := range tests {
+ t.Run(name, func(t *testing.T) {
+ fSys := filesys.MakeFsInMemory()
+ testutils_test.WriteTestKustomizationWith(fSys, []byte(tc.input))
+ cmd := newCmdRemoveSecret(fSys)
+ err := cmd.RunE(cmd, tc.args)
+ if tc.expectedErr != "" {
+ assert.Error(t, err)
+ assert.Contains(t, err.Error(), tc.expectedErr)
+ } else {
+ assert.NoError(t, err)
+ content, err := testutils_test.ReadTestKustomization(fSys)
+ assert.NoError(t, err)
+ for _, opt := range strings.Split(tc.args[0], ",") {
+ assert.NotContains(t, string(content), opt)
+ }
+ }
+ })
+ }
+}
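Review bot: No table case sets `expectedErr`, so the error branch of the loop and both Validate failures (no argument, more than one argument) are never exercised. The "miss" case also passes vacuously: it asserts that "foo" is absent from the file, which holds before the command runs, and never checks that `example-secret-01` is still present afterwards. Add cases such as `"no args": {args: []string{}, expectedErr: "must specify a Secret name"}` and one with two positional arguments expecting "too many arguments", and in "miss" assert `assert.Contains(t, string(content), secretName01)` so that removing the wrong entry would be caught.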