Merge pull request #703 from Liujingfang1/changeSecretG

replace commands/envcommand by DataSource in SecretGenerator
2026-06-14 10:30:59 +00:00 · 2019-01-16 13:47:59 -08:00
parent 0be9815d27 f7c34ccb52
commit 4e2c4b94e3
18 changed files with 184 additions and 323 deletions
--- a/pkg/commands/edit/add/configmap.go
+++ b/pkg/commands/edit/add/configmap.go
@@ -67,7 +67,7 @@ func newCmdAddConfigMap(fSys fs.FileSystem, kf ifc.KunstructuredFactory) *cobra.
 			}

 			// Add the flagsAndArgs map to the kustomization file.
-			kf.Set(fSys, loader.NewFileLoaderAtCwd(fSys))
+			kf.Set(loader.NewFileLoaderAtCwd(fSys))
 			err = addConfigMap(kustomization, flagsAndArgs, kf)
 			if err != nil {
 				return err
--- a/pkg/ifc/ifc.go
+++ b/pkg/ifc/ifc.go
@@ -18,7 +18,6 @@ limitations under the License.
 package ifc

 import (
-	"sigs.k8s.io/kustomize/pkg/fs"
 	"sigs.k8s.io/kustomize/pkg/gvk"
 	"sigs.k8s.io/kustomize/pkg/types"
 )
@@ -67,7 +66,7 @@ type KunstructuredFactory interface {
 	FromMap(m map[string]interface{}) Kunstructured
 	MakeConfigMap(args *types.ConfigMapArgs, options *types.GeneratorOptions) (Kunstructured, error)
 	MakeSecret(args *types.SecretArgs, options *types.GeneratorOptions) (Kunstructured, error)
-	Set(fs fs.FileSystem, ldr Loader)
+	Set(ldr Loader)
 }

 // See core.v1.SecretTypeOpaque
--- a/pkg/resmap/factory.go
+++ b/pkg/resmap/factory.go
@@ -20,7 +20,6 @@ import (
 	"fmt"

 	"github.com/pkg/errors"
-	"sigs.k8s.io/kustomize/pkg/fs"
 	"sigs.k8s.io/kustomize/pkg/ifc"
 	internal "sigs.k8s.io/kustomize/pkg/internal/error"
 	"sigs.k8s.io/kustomize/pkg/resource"
@@ -106,9 +105,9 @@ func (rmF *Factory) NewResMapFromSecretArgs(argsList []types.SecretArgs, options
 	return newResMapFromResourceSlice(resources)
 }

-// Set sets the filesystem and loader for the underlying factory
-func (rmF *Factory) Set(fs fs.FileSystem, ldr ifc.Loader) {
-	rmF.resF.Set(fs, ldr)
+// Set sets the loader for the underlying factory
+func (rmF *Factory) Set(ldr ifc.Loader) {
+	rmF.resF.Set(ldr)
 }

 func newResMapFromResourceSlice(resources []*resource.Resource) (ResMap, error) {
--- a/pkg/resmap/factory_test.go
+++ b/pkg/resmap/factory_test.go
@@ -231,7 +231,7 @@ BAR=baz
 		// TODO: add testcase for data coming from multiple sources like
 		// files/literal/env etc.
 	}
-	rmF.Set(fs.MakeFakeFS(), l)
+	rmF.Set(l)
 	for _, tc := range testCases {
 		if ferr := l.AddFile(tc.filepath, []byte(tc.content)); ferr != nil {
 			t.Fatalf("Error adding fake file: %v\n", ferr)
@@ -252,25 +252,18 @@ func TestNewResMapFromSecretArgs(t *testing.T) {
 	secrets := []types.SecretArgs{
 		{
 			GeneratorArgs: types.GeneratorArgs{Name: "apple"},
-			CommandSources: types.CommandSources{
-				Commands: map[string]string{
-					"DB_USERNAME": "printf admin",
-					"DB_PASSWORD": "printf somepw",
+			DataSources: types.DataSources{
+				LiteralSources: []string{
+					"DB_USERNAME=admin",
+					"DB_PASSWORD=somepw",
 				},
 			},
 			Type: ifc.SecretTypeOpaque,
 		},
-		{
-			GeneratorArgs: types.GeneratorArgs{Name: "peanuts"},
-			CommandSources: types.CommandSources{
-				EnvCommand: "printf \"DB_USERNAME=admin\nDB_PASSWORD=somepw\"",
-			},
-			Type: ifc.SecretTypeOpaque,
-		},
 	}
 	fakeFs := fs.MakeFakeFS()
 	fakeFs.Mkdir(".")
-	rmF.Set(fakeFs, loader.NewFileLoaderAtRoot(fakeFs))
+	rmF.Set(loader.NewFileLoaderAtRoot(fakeFs))
 	actual, err := rmF.NewResMapFromSecretArgs(secrets, nil)

 	if err != nil {
@@ -291,45 +284,8 @@ func TestNewResMapFromSecretArgs(t *testing.T) {
 					"DB_PASSWORD": base64.StdEncoding.EncodeToString([]byte("somepw")),
 				},
 			}).SetBehavior(ifc.BehaviorCreate),
-		resid.NewResId(secret, "peanuts"): rf.FromMap(
-			map[string]interface{}{
-				"apiVersion": "v1",
-				"kind":       "Secret",
-				"metadata": map[string]interface{}{
-					"name": "peanuts",
-				},
-				"type": ifc.SecretTypeOpaque,
-				"data": map[string]interface{}{
-					"DB_USERNAME": base64.StdEncoding.EncodeToString([]byte("admin")),
-					"DB_PASSWORD": base64.StdEncoding.EncodeToString([]byte("somepw")),
-				},
-			}).SetBehavior(ifc.BehaviorCreate),
 	}
 	if !reflect.DeepEqual(actual, expected) {
 		t.Fatalf("%#v\ndoesn't match expected:\n%#v", actual, expected)
 	}
 }
-
-func TestSecretTimeout(t *testing.T) {
-	timeout := int64(1)
-	secrets := []types.SecretArgs{
-		{
-			GeneratorArgs:  types.GeneratorArgs{Name: "slow"},
-			TimeoutSeconds: &timeout,
-			CommandSources: types.CommandSources{
-				Commands: map[string]string{
-					"USER": "sleep 2",
-				},
-			},
-			Type: ifc.SecretTypeOpaque,
-		},
-	}
-	fakeFs := fs.MakeFakeFS()
-	fakeFs.Mkdir(".")
-	rmF.Set(fakeFs, loader.NewFileLoaderAtRoot(fakeFs))
-	_, err := rmF.NewResMapFromSecretArgs(secrets, nil)
-
-	if err == nil {
-		t.Fatal("didn't get the expected timeout error", err)
-	}
-}
--- a/pkg/resource/factory.go
+++ b/pkg/resource/factory.go
@@ -21,7 +21,6 @@ import (
 	"fmt"
 	"log"

-	"sigs.k8s.io/kustomize/pkg/fs"
 	"sigs.k8s.io/kustomize/pkg/ifc"
 	internal "sigs.k8s.io/kustomize/pkg/internal/error"
 	"sigs.k8s.io/kustomize/pkg/patch"
@@ -108,9 +107,9 @@ func (rf *Factory) SliceFromBytes(in []byte) ([]*Resource, error) {
 	return result, nil
 }

-// Set sets the filesystem and loader for the underlying factory
-func (rf *Factory) Set(fs fs.FileSystem, ldr ifc.Loader) {
-	rf.kf.Set(fs, ldr)
+// Set sets the loader for the underlying factory
+func (rf *Factory) Set(ldr ifc.Loader) {
+	rf.kf.Set(ldr)
 }

 // MakeConfigMap makes an instance of Resource for ConfigMap
--- a/pkg/target/generatormergeandreplace_test.go
+++ b/pkg/target/generatormergeandreplace_test.go
@@ -181,9 +181,9 @@ configMapGenerator:
      - foo=bar
 secretGenerator:
 - name: secret-in-base
-  commands:
-    username: "printf admin"
-    password: "printf somepw"
+  literals:
+    - username=admin
+    - password=somepw
 `)
 	th.writeF("/app/deployment.yaml", `
 apiVersion: apps/v1beta2
@@ -362,8 +362,8 @@ configMapGenerator:
 secretGenerator:
 - name: secret-in-base
  behavior: merge
-  commands:
-    proxy: "printf haproxy"
+  literals:
+   - proxy=haproxy
 `)
 	m, err := th.makeKustTarget().MakeCustomizedResMap()
 	if err != nil {
--- a/pkg/target/kusttarget.go
+++ b/pkg/target/kusttarget.go
@@ -211,7 +211,7 @@ func (kt *KustTarget) accumulateTarget() (

 func (kt *KustTarget) generateConfigMapsAndSecrets(
 	errs *interror.KustomizationErrors) (resmap.ResMap, error) {
-	kt.rFactory.Set(kt.fSys, kt.ldr)
+	kt.rFactory.Set(kt.ldr)
 	cms, err := kt.rFactory.NewResMapFromConfigMapArgs(
 		kt.kustomization.ConfigMapGenerator, kt.kustomization.GeneratorOptions)
 	if err != nil {
--- a/pkg/target/kusttarget_test.go
+++ b/pkg/target/kusttarget_test.go
@@ -52,9 +52,9 @@ configMapGenerator:
  - DB_PASSWORD=somepw
 secretGenerator:
 - name: secret
-  commands:
-    DB_USERNAME: "printf admin"
-    DB_PASSWORD: "printf somepw"
+  literals:
+    - DB_USERNAME=admin
+    - DB_PASSWORD=somepw
  type: Opaque
 patchesJson6902:
 - target:
@@ -63,16 +63,6 @@ patchesJson6902:
    kind: Deployment
    name: dply1
  path: jsonpatch.json
-`
-	kustomizationContent2 = `
-apiVersion: v1beta1
-kind: Kustomization
-secretGenerator:
- name: secret
-  timeoutSeconds: 1
-  commands:
-    USER: "sleep 2"
-  type: Opaque
 `
 	deploymentContent = `
 apiVersion: apps/v1
@@ -217,18 +207,6 @@ func TestResourceNotFound(t *testing.T) {
 	}
 }

-func TestSecretTimeout(t *testing.T) {
-	th := NewKustTestHarness(t, "/whatever")
-	th.writeK("/whatever", kustomizationContent2)
-	_, err := th.makeKustTarget().MakeCustomizedResMap()
-	if err == nil {
-		t.Fatalf("Didn't get the expected error for an unknown resource")
-	}
-	if !strings.Contains(err.Error(), "killed") {
-		t.Fatalf("unexpected error: %q", err)
-	}
-}
-
 func findSecret(m resmap.ResMap) *resource.Resource {
 	for id, res := range m {
 		if id.Gvk().Kind == "Secret" {
--- a/pkg/target/namespacedgenerators_test.go
+++ b/pkg/target/namespacedgenerators_test.go
@@ -39,11 +39,11 @@ configMapGenerator:
 secretGenerator:
 - name: the-non-default-namespace-secret
  namespace: non-default
-  commands:
-    password.txt: "echo verySecret"
+  literals:
+    - password.txt=verySecret
 - name: the-secret
-  commands:
-    password.txt: "echo anotherSecret"
+  literals:
+    - password.txt=anotherSecret
 `)
 	m, err := th.makeKustTarget().MakeCustomizedResMap()
 	if err != nil {
@@ -69,19 +69,19 @@ metadata:
 ---
 apiVersion: v1
 data:
-  password.txt: dmVyeVNlY3JldAo=
+  password.txt: dmVyeVNlY3JldA==
 kind: Secret
 metadata:
-  name: the-non-default-namespace-secret-9fgdmbbk5c
+  name: the-non-default-namespace-secret-h8d9hkgtb9
  namespace: non-default
 type: Opaque
 ---
 apiVersion: v1
 data:
-  password.txt: YW5vdGhlclNlY3JldAo=
+  password.txt: YW5vdGhlclNlY3JldA==
 kind: Secret
 metadata:
-  name: the-secret-7dd8hcgfhk
+  name: the-secret-fgb45h45bh
 type: Opaque
 `)
 }
--- a/pkg/types/kustomization.go
+++ b/pkg/types/kustomization.go
@@ -216,26 +216,12 @@ type SecretArgs struct {
 	// This is the same field as the secret type field in v1/Secret:
 	// It can be "Opaque" (default), or "kubernetes.io/tls".
 	//
-	// If type is "kubernetes.io/tls", then "Commands" must have exactly two
+	// If type is "kubernetes.io/tls", then "literals" or "files" must have exactly two
 	// keys: "tls.key" and "tls.crt"
 	Type string `json:"type,omitempty" yaml:"type,omitempty"`

-	// CommandSources for secret.
-	CommandSources `json:",inline,omitempty" yaml:",inline,omitempty"`
-
-	// Deprecated.
-	// Replaced by GeneratorOptions.TimeoutSeconds
-	// TimeoutSeconds specifies the timeout for commands.
-	TimeoutSeconds *int64 `json:"timeoutSeconds,omitempty" yaml:"timeoutSeconds,omitempty"`
-}
-
-// CommandSources contains some generic sources for secrets.
-type CommandSources struct {
-	// Map of keys to commands to generate the values
-	Commands map[string]string `json:"commands,omitempty" yaml:"commands,omitempty"`
-	// EnvCommand to output lines of key=val pairs to create a secret.
-	// i.e. a Docker .env file or a .ini file.
-	EnvCommand string `json:"envCommand,omitempty" yaml:"envCommand,omitempty"`
+	// DataSources for secret.
+	DataSources `json:",inline,omitempty" yaml:",inline,omitempty"`
 }

 // DataSources contains some generic sources for configmaps.
@@ -282,15 +268,6 @@ type GeneratorOptions struct {
 	// Annotations to add to all generated resources.
 	Annotations map[string]string `json:"annotations,omitempty" yaml:"annotations,omitempty"`

-	// TimeoutSeconds specifies the timeout for commands, if any,
-	// used in resource generation.  At time of writing, the default
-	// was specified in configmapandsecret.defaultCommandTimeout.
-	TimeoutSeconds *int64 `json:"timeoutSeconds,omitempty" yaml:"timeoutSeconds,omitempty"`
-
-	// Shell and arguments to use as a context for commands used in
-	// resource generation.  Default at time of writing:  {'sh', '-c'}.
-	Shell []string `json:"shell,omitempty" yaml:"shell,omitempty"`
-
 	// DisableNameSuffixHash if true disables the default behavior of adding a
 	// suffix to the names of generated resources that is a hash of the
 	// resource contents.