Merge pull request #336 from buildpacks-community/issue-214-secret-list

[issue-214] Adds AVAILABLE column to `secret list`
buildpacks-community · Aug 16, 2023 · 5e0f509 · 5e0f509
2 parents fbcad93 + 2d237cc
commit 5e0f509
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 31 deletions.
diff --git a/docs/kp_secret_list.md b/docs/kp_secret_list.md
@@ -6,6 +6,8 @@ List secrets attached to a service account
 
 List secrets for a service account in the provided namespace.
 
+A secret attached to a service account that does not exist in the specified namespace will be listed as AVAILABLE "false".
+
 The namespace defaults to the kubernetes current-context namespace.
 
 The service account defaults to "default".

diff --git a/pkg/commands/secret/list.go b/pkg/commands/secret/list.go
@@ -5,6 +5,7 @@ package secret
 
 import (
 	"sort"
+	"strconv"
 
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -26,6 +27,8 @@ func NewListCommand(clientSetProvider k8s.ClientSetProvider) *cobra.Command {
 		Short: "List secrets attached to a service account",
 		Long: `List secrets for a service account in the provided namespace.
 
+A secret attached to a service account that does not exist in the specified namespace will be listed as AVAILABLE "false".
+
 The namespace defaults to the kubernetes current-context namespace.
 
 The service account defaults to "default".`,
@@ -41,11 +44,15 @@ The service account defaults to "default".`,
 			if err != nil {
 				return err
 			}
+			secretsList, err := cs.K8sClient.CoreV1().Secrets(cs.Namespace).List(cmd.Context(), metav1.ListOptions{})
+			if err != nil {
+				return err
+			}
 
 			if len(serviceAccount.Secrets) == 0 && len(serviceAccount.ImagePullSecrets) == 0 {
 				return errors.Errorf("no secrets found in %q namespace for %q service account", cs.Namespace, serviceAccount.Name)
 			} else {
-				return displaySecretsTable(cmd, serviceAccount)
+				return displaySecretsTable(cmd, serviceAccount, secretsList)
 			}
 		},
 	}
@@ -56,12 +63,35 @@ The service account defaults to "default".`,
 	return &command
 }
 
-func displaySecretsTable(cmd *cobra.Command, sa *corev1.ServiceAccount) error {
-	managedSecrets, err := readManagedSecrets(sa)
+func displaySecretsTable(cmd *cobra.Command, sa *corev1.ServiceAccount, secretsList *corev1.SecretList) error {
+	secretNames, err := getServiceAccountSecretsInfo(sa, secretsList)
+	if err != nil {
+		return errors.WithMessage(err, "could not retrieve secrets information from service account.")
+	}
+	writer, err := commands.NewTableWriter(cmd.OutOrStdout(), "NAME", "TARGET", "AVAILABLE")
 	if err != nil {
 		return err
 	}
 
+	for _, secret := range secretNames {
+		err = writer.AddRow(secret.name, secret.target, strconv.FormatBool(secret.isAvailable))
+		if err != nil {
+			return err
+		}
+	}
+
+	return writer.Write()
+}
+
+func getServiceAccountSecretsInfo(sa *corev1.ServiceAccount, secretsList *corev1.SecretList) ([]struct {
+	name        string
+	target      string
+	isAvailable bool
+}, error) {
+	managedSecrets, err := readManagedSecrets(sa)
+	if err != nil {
+		return nil, err
+	}
 	secretNameSet := map[string]interface{}{}
 	for _, item := range append(sa.Secrets) {
 		secretNameSet[item.Name] = nil
@@ -70,23 +100,27 @@ func displaySecretsTable(cmd *cobra.Command, sa *corev1.ServiceAccount) error {
 		secretNameSet[item.Name] = nil
 	}
 
-	var secretNames []string
-	for name := range secretNameSet {
-		secretNames = append(secretNames, name)
-	}
-	sort.Strings(secretNames)
-
-	writer, err := commands.NewTableWriter(cmd.OutOrStdout(), "NAME", "TARGET")
-	if err != nil {
-		return err
+	var secretNames []struct {
+		name        string
+		target      string
+		isAvailable bool
 	}
-
-	for _, name := range secretNames {
-		err := writer.AddRow(name, managedSecrets[name])
-		if err != nil {
-			return err
+	for name := range secretNameSet {
+		found := false
+		for _, secret := range secretsList.Items {
+			if secret.Name == name {
+				found = true
+				break
+			}
 		}
+		secretNames = append(secretNames, struct {
+			name        string
+			target      string
+			isAvailable bool
+		}{name, managedSecrets[name], found})
 	}
-
-	return writer.Write()
+	sort.Slice(secretNames, func(i, j int) bool {
+		return secretNames[i].name < secretNames[j].name
+	})
+	return secretNames, nil
 }
diff --git a/pkg/commands/secret/list_test.go b/pkg/commands/secret/list_test.go
@@ -61,10 +61,10 @@ func testSecretListCommand(t *testing.T, when spec.G, it spec.S) {
 						},
 					}
 
-					const expectedOutput = `NAME            TARGET
-secret-one      https://index.docker.io/v1/
-secret-three    
-secret-two      some-git-url
+					const expectedOutput = `NAME            TARGET                         AVAILABLE
+secret-one      https://index.docker.io/v1/    false
+secret-three                                   false
+secret-two      some-git-url                   false
 
 `
 
@@ -105,10 +105,10 @@ secret-two      some-git-url
 						},
 					}
 
-					const expectedOutput = `NAME            TARGET
-secret-one      https://index.docker.io/v1/
-secret-three    
-secret-two      some-git-url
+					const expectedOutput = `NAME            TARGET                         AVAILABLE
+secret-one      https://index.docker.io/v1/    false
+secret-three                                   false
+secret-two      some-git-url                   false
 
 `
 
@@ -173,10 +173,10 @@ secret-two      some-git-url
 						},
 					}
 
-					const expectedOutput = `NAME            TARGET
-secret-one      https://index.docker.io/v1/
-secret-three    
-secret-two      some-git-url
+					const expectedOutput = `NAME            TARGET                         AVAILABLE
+secret-one      https://index.docker.io/v1/    false
+secret-three                                   false
+secret-two      some-git-url                   false
 
 `