scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-04 04:08:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #67713 from liggitt/process-substitution

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 59230, 66233, 67483, 67713). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Make kubectl create secret tls work with process substitution

Fixes #57909

```release-note
`kubectl create secret tls` can now read certificate and key files from process substitution arguments
```
This commit is contained in:
Kubernetes Submit Queue
2018-08-22 23:04:26 -07:00
committed by GitHub
parent 36cb72cfa9 24b639afcc
commit 2e82dd2715
2 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
pkg/kubectl/secret_for_tls.go
View File

@@ -87,6 +87,14 @@ func (s SecretForTLSGeneratorV1) StructuredGenerate() (runtime.Object, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
if _, err := tls.X509KeyPair(tlsCrt, tlsKey); err != nil {
return nil, fmt.Errorf("failed to load key pair %v", err)
}
// TODO: Add more validation.
// 1. If the certificate contains intermediates, it is a valid chain.
// 2. Format etc.
secret := &v1.Secret{} secret := &v1.Secret{}
secret.Name = s.Name secret.Name = s.Name
secret.Type = v1.SecretTypeTLS secret.Type = v1.SecretTypeTLS
@@ -133,11 +141,5 @@ func (s SecretForTLSGeneratorV1) validate() error {
if len(s.Cert) == 0 { if len(s.Cert) == 0 {
return fmt.Errorf("certificate must be specified") return fmt.Errorf("certificate must be specified")
} }
if _, err := tls.LoadX509KeyPair(s.Cert, s.Key); err != nil {
return fmt.Errorf("failed to load key pair %v", err)
}
// TODO: Add more validation.
// 1. If the certificate contains intermediates, it is a valid chain.
// 2. Format etc.
return nil return nil
} }

7
test/cmd/core.sh
View File

@@ -751,6 +751,13 @@ run_secrets_test() {
# Clean-up # Clean-up
kubectl delete secret test-secret --namespace=test-secrets kubectl delete secret test-secret --namespace=test-secrets
# Command with process substitution
kubectl create secret tls test-secret --namespace=test-secrets --key <(cat hack/testdata/tls.key) --cert <(cat hack/testdata/tls.crt)
kube::test::get_object_assert 'secret/test-secret --namespace=test-secrets' "{{$id_field}}" 'test-secret'
kube::test::get_object_assert 'secret/test-secret --namespace=test-secrets' "{{$secret_type}}" 'kubernetes.io/tls'
# Clean-up
kubectl delete secret test-secret --namespace=test-secrets
# Create a secret using stringData # Create a secret using stringData
kubectl create --namespace=test-secrets -f - "${kube_flags[@]}" << __EOF__ kubectl create --namespace=test-secrets -f - "${kube_flags[@]}" << __EOF__
{ {