don't show deleted pull secrets - kubectl describe
This patch appends "(not found)" to any image pull secrets that are present in a service account, but no longer present in the namespace.
parent
1955ed614f
commit
e796ea28b9
@ -1766,23 +1766,45 @@ func (d *ServiceAccountDescriber) Describe(namespace, name string, describerSett
|
|||||||
|
|
||||||
tokens := []api.Secret{}
|
tokens := []api.Secret{}
|
||||||
|
|
||||||
tokenSelector := fields.SelectorFromSet(map[string]string{api.SecretTypeField: string(api.SecretTypeServiceAccountToken)})
|
// missingSecrets is the set of all secrets present in the
|
||||||
options := api.ListOptions{FieldSelector: tokenSelector}
|
// serviceAccount but not present in the set of existing secrets.
|
||||||
secrets, err := d.Core().Secrets(namespace).List(options)
|
missingSecrets := sets.NewString()
|
||||||
|
secrets, err := d.Core().Secrets(namespace).List(api.ListOptions{})
|
||||||
|
|
||||||
|
// errors are tolerated here in order to describe the serviceAccount with all
|
||||||
|
// of the secrets that it references, even if those secrets cannot be fetched.
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
// existingSecrets is the set of all secrets remaining on a
|
||||||
|
// service account that are not present in the "tokens" slice.
|
||||||
|
existingSecrets := sets.NewString()
|
||||||
|
|
||||||
for _, s := range secrets.Items {
|
for _, s := range secrets.Items {
|
||||||
name, _ := s.Annotations[api.ServiceAccountNameKey]
|
if s.Type == api.SecretTypeServiceAccountToken {
|
||||||
uid, _ := s.Annotations[api.ServiceAccountUIDKey]
|
name, _ := s.Annotations[api.ServiceAccountNameKey]
|
||||||
if name == serviceAccount.Name && uid == string(serviceAccount.UID) {
|
uid, _ := s.Annotations[api.ServiceAccountUIDKey]
|
||||||
tokens = append(tokens, s)
|
if name == serviceAccount.Name && uid == string(serviceAccount.UID) {
|
||||||
|
tokens = append(tokens, s)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
existingSecrets.Insert(s.Name)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, s := range serviceAccount.Secrets {
|
||||||
|
if !existingSecrets.Has(s.Name) {
|
||||||
|
missingSecrets.Insert(s.Name)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for _, s := range serviceAccount.ImagePullSecrets {
|
||||||
|
if !existingSecrets.Has(s.Name) {
|
||||||
|
missingSecrets.Insert(s.Name)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return describeServiceAccount(serviceAccount, tokens)
|
return describeServiceAccount(serviceAccount, tokens, missingSecrets)
|
||||||
}
|
}
|
||||||
|
|
||||||
func describeServiceAccount(serviceAccount *api.ServiceAccount, tokens []api.Secret) (string, error) {
|
func describeServiceAccount(serviceAccount *api.ServiceAccount, tokens []api.Secret, missingSecrets sets.String) (string, error) {
|
||||||
return tabbedString(func(out io.Writer) error {
|
return tabbedString(func(out io.Writer) error {
|
||||||
w := &PrefixWriter{out}
|
w := &PrefixWriter{out}
|
||||||
w.Write(LEVEL_0, "Name:\t%s\n", serviceAccount.Name)
|
w.Write(LEVEL_0, "Name:\t%s\n", serviceAccount.Name)
|
||||||
@ -1822,7 +1844,11 @@ func describeServiceAccount(serviceAccount *api.ServiceAccount, tokens []api.Sec
|
|||||||
} else {
|
} else {
|
||||||
prefix := header
|
prefix := header
|
||||||
for _, name := range names {
|
for _, name := range names {
|
||||||
w.Write(LEVEL_0, "%s\t%s\n", prefix, name)
|
if missingSecrets.Has(name) {
|
||||||
|
w.Write(LEVEL_0, "%s\t%s (not found)\n", prefix, name)
|
||||||
|
} else {
|
||||||
|
w.Write(LEVEL_0, "%s\t%s\n", prefix, name)
|
||||||
|
}
|
||||||
prefix = emptyHeader
|
prefix = emptyHeader
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
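Review bot: The new `d.Core().Secrets(namespace).List(api.ListOptions{})` call in Describe drops the service-account-token field selector, so describing one service account now pulls every secret object in the namespace to the client, data included, only to compare names. Only the names in `serviceAccount.Secrets` and `serviceAccount.ImagePullSecrets` need checking, so consider keeping the filtered list for tokens and looking those referenced names up individually, treating a not-found result as missing. Because list errors are tolerated, a denied or failed list leaves `missingSecrets` empty and the output then shows unverified secrets the same way as present ones, which the comment above `if err == nil` should say. The comment on `existingSecrets` also does not match the code as rendered, which inserts the name of every listed secret; it could read `// existingSecrets holds the names of all secrets that exist in the namespace.` Both functions continue outside the hunks shown.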