fix unusable secret manifest for type docker-registry

2025-08-11 04:52:08 +00:00 · 2023-07-26 18:08:01 +08:00 · 2023-07-26 18:08:01 +08:00 · c12e12bd89
commit c12e12bd89
parent e457683e6c
2 changed files with 94 additions and 2 deletions
--- a/staging/src/k8s.io/kubectl/pkg/cmd/create/create_secret_docker.go
+++ b/staging/src/k8s.io/kubectl/pkg/cmd/create/create_secret_docker.go
@ -21,6 +21,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"strings"

 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
@ -58,7 +59,7 @@ var (
 		  kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

 		  # Create a new secret named my-secret from ~/.docker/config.json
-		  kubectl create secret docker-registry my-secret --from-file=.dockerconfigjson=path/to/.docker/config.json`))
+		  kubectl create secret docker-registry my-secret --from-file=path/to/.docker/config.json`))
 )

 // DockerConfigJSON represents a local docker auth config file
@ -152,7 +153,11 @@ func NewCmdCreateSecretDockerRegistry(f cmdutil.Factory, ioStreams genericioopti
 	cmd.Flags().StringVar(&o.Email, "docker-email", o.Email, i18n.T("Email for Docker registry"))
 	cmd.Flags().StringVar(&o.Server, "docker-server", o.Server, i18n.T("Server location for Docker registry"))
 	cmd.Flags().BoolVar(&o.AppendHash, "append-hash", o.AppendHash, "Append a hash of the secret to its name.")
-	cmd.Flags().StringSliceVar(&o.FileSources, "from-file", o.FileSources, "Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used.  Specifying a directory will iterate each named file in the directory that is a valid secret key.")
+	cmd.Flags().StringSliceVar(&o.FileSources, "from-file", o.FileSources, "Key files can be specified using their file path, "+
+		"in which case a default name of "+corev1.DockerConfigJsonKey+" will be given to them, "+
+		"or optionally with a name and file path, in which case the given name will be used. "+
+		"Specifying a directory will iterate each named file in the directory that is a valid secret key. "+
+		"For this command, the key should always be "+corev1.DockerConfigJsonKey+".")

 	cmdutil.AddFieldManagerFlagVar(cmd, &o.FieldManager, "kubectl-create")

@ -204,6 +209,11 @@ func (o *CreateSecretDockerRegistryOptions) Complete(f cmdutil.Factory, cmd *cob
 		return err
 	}

+	for i := range o.FileSources {
+		if !strings.Contains(o.FileSources[i], "=") {
+			o.FileSources[i] = corev1.DockerConfigJsonKey + "=" + o.FileSources[i]
+		}
+	}
 	return nil
 }

--- a/staging/src/k8s.io/kubectl/pkg/cmd/create/create_secret_docker_test.go
+++ b/staging/src/k8s.io/kubectl/pkg/cmd/create/create_secret_docker_test.go
@ -17,11 +17,16 @@ limitations under the License.
 package create

 import (
+	"encoding/json"
+	"fmt"
+	"os"
 	"testing"

 	corev1 "k8s.io/api/core/v1"
 	apiequality "k8s.io/apimachinery/pkg/api/equality"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/cli-runtime/pkg/genericiooptions"
+	cmdtesting "k8s.io/kubectl/pkg/cmd/testing"
 )

 func TestCreateSecretDockerRegistry(t *testing.T) {
@ -183,3 +188,80 @@ func TestCreateSecretDockerRegistry(t *testing.T) {
 		})
 	}
 }
+
+func TestCreateSecretDockerRegistryFromFile(t *testing.T) {
+	username, password, email, server := "test-user", "test-password", "test-user@example.org", "https://index.docker.io/v1/"
+	secretData, err := handleDockerCfgJSONContent(username, password, email, server)
+	if err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
+	secret := &corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: corev1.SchemeGroupVersion.String(),
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "foo",
+		},
+		Type: corev1.SecretTypeDockerConfigJson,
+		Data: map[string][]byte{
+			corev1.DockerConfigJsonKey: secretData,
+		},
+	}
+
+	tests := map[string]struct {
+		withKey  bool
+		expected *corev1.Secret
+	}{
+		"create_secret_docker_registry_from_file_with_keyname": {
+			withKey:  true,
+			expected: secret,
+		},
+		"create_secret_docker_registry_from_file_without_keyname": {
+			withKey:  false,
+			expected: secret,
+		},
+	}
+
+	// Run all the tests
+	for name, test := range tests {
+		t.Run(name, func(t *testing.T) {
+			tmp, _ := os.MkdirTemp("", "input")
+			defer func() {
+				err := os.RemoveAll(tmp)
+				if err != nil {
+					t.Fatalf("Failed to teardown: %s", err)
+				}
+			}()
+			dockerCfgFile := tmp + "/dockerconfig.json"
+			err := os.WriteFile(dockerCfgFile, secretData, 0644)
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+
+			tf := cmdtesting.NewTestFactory()
+			defer tf.Cleanup()
+			ioStreams, _, out, _ := genericiooptions.NewTestIOStreams()
+			cmd := NewCmdCreateSecretDockerRegistry(tf, ioStreams)
+			args := []string{"foo", "--dry-run=client", "-ojson"}
+			if test.withKey {
+				args = append(args, fmt.Sprintf("--from-file=%s=%s", corev1.DockerConfigJsonKey, dockerCfgFile))
+			} else {
+				args = append(args, fmt.Sprintf("--from-file=%s", dockerCfgFile))
+			}
+			cmd.SetArgs(args)
+			err = cmd.Execute()
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+			got := &corev1.Secret{}
+			err = json.Unmarshal(out.Bytes(), got)
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+			if !apiequality.Semantic.DeepEqual(got, test.expected) {
+				t.Errorf("test %s\n expected:\n%#v\ngot:\n%#v", name, test.expected, got)
+			}
+		})
+	}
+}