Merge pull request #328 from buildpacks-community/Issue-324-bug-fix-c…

…reate-secret [Issue-324] Removes logic that parses registry host when using `kp cr…
buildpacks-community · Aug 8, 2023 · 639d941 · 639d941
2 parents f5cac04 + 2093601
commit 639d941
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 24 deletions.
diff --git a/pkg/commands/secret/create.go b/pkg/commands/secret/create.go
@@ -125,7 +125,7 @@ kp secret create my-git-cred --git-url https://github.com --git-user my-git-user
 				return err
 			}
 
-			return ch.PrintResult("Secret %q created", secret.Name)
+			return ch.PrintResult("Secret %q created for %s", secret.Name, target)
 		},
 	}
 

diff --git a/pkg/commands/secret/create_test.go b/pkg/commands/secret/create_test.go
@@ -96,7 +96,7 @@ func testSecretCreateCommand(t *testing.T, when spec.G, it spec.S) {
 				"--registry-user", registryUser,
 				"--service-account", "some-sa",
 				"-n", namespace},
-			ExpectedOutput: `Secret "my-registry-cred" created
+			ExpectedOutput: `Secret "my-registry-cred" created for my-registry.io
 `,
 			ExpectCreates: []runtime.Object{
 				expectedRegistrySecret,
@@ -136,7 +136,7 @@ func testSecretCreateCommand(t *testing.T, when spec.G, it spec.S) {
 						defaultNamespacedServiceAccount,
 					},
 					Args: []string{secretName, "--dockerhub", dockerhubId, "-n", namespace},
-					ExpectedOutput: `Secret "my-docker-cred" created
+					ExpectedOutput: `Secret "my-docker-cred" created for https://index.docker.io/v1/
 `,
 					ExpectCreates: []runtime.Object{
 						expectedDockerSecret,
@@ -148,6 +148,46 @@ func testSecretCreateCommand(t *testing.T, when spec.G, it spec.S) {
 			})
 		})
 
+		when("creating a generic registry secret", func() {
+			var (
+				registry               = "https://index.docker.io/v1/"
+				registryUser           = "my-registry-user"
+				registryPassword       = "dummy-password"
+				secretName             = "my-registry-cred"
+				expectedRegistryConfig = fmt.Sprintf(`{"auths":{"%s":{"username":"%s","password":"%s","auth":"bXktcmVnaXN0cnktdXNlcjpkdW1teS1wYXNzd29yZA=="}}}`, registry, registryUser, registryPassword)
+			)
+
+			fetcher.passwords["REGISTRY_PASSWORD"] = registryPassword
+
+			it("creates a secret with the correct annotations for the registry in the provided namespace and updates the default service account", func() {
+				expectedDockerSecret := &corev1.Secret{
+					ObjectMeta: v1.ObjectMeta{
+						Name:      secretName,
+						Namespace: namespace,
+					},
+					Data: map[string][]byte{
+						corev1.DockerConfigJsonKey: []byte(expectedRegistryConfig),
+					},
+					Type: corev1.SecretTypeDockerConfigJson,
+				}
+
+				testhelpers.CommandTest{
+					Objects: []runtime.Object{
+						defaultNamespacedServiceAccount,
+					},
+					Args: []string{secretName, "--registry", registry, "--registry-user", registryUser, "-n", namespace},
+					ExpectedOutput: `Secret "my-registry-cred" created for https://index.docker.io/v1/
+`,
+					ExpectCreates: []runtime.Object{
+						expectedDockerSecret,
+					},
+					ExpectPatches: []string{
+						`{"imagePullSecrets":[{"name":"my-registry-cred"}],"metadata":{"annotations":{"kpack.io/managedSecret":"{\"my-registry-cred\":\"https://index.docker.io/v1/\"}"}},"secrets":[{"name":"my-registry-cred"}]}`,
+					},
+				}.TestK8s(t, cmdFunc)
+			})
+		})
+
 		when("creating a generic registry secret", func() {
 			var (
 				registry               = "my-registry.io"
@@ -176,7 +216,7 @@ func testSecretCreateCommand(t *testing.T, when spec.G, it spec.S) {
 						defaultNamespacedServiceAccount,
 					},
 					Args: []string{secretName, "--registry", registry, "--registry-user", registryUser, "-n", namespace},
-					ExpectedOutput: `Secret "my-registry-cred" created
+					ExpectedOutput: `Secret "my-registry-cred" created for my-registry.io
 `,
 					ExpectCreates: []runtime.Object{
 						expectedDockerSecret,
@@ -214,7 +254,7 @@ func testSecretCreateCommand(t *testing.T, when spec.G, it spec.S) {
 						defaultNamespacedServiceAccount,
 					},
 					Args: []string{secretName, "--gcr", gcrServiceAccountFile, "-n", namespace},
-					ExpectedOutput: `Secret "my-gcr-cred" created
+					ExpectedOutput: `Secret "my-gcr-cred" created for gcr.io
 `,
 					ExpectCreates: []runtime.Object{
 						expectedDockerSecret,
@@ -255,7 +295,7 @@ func testSecretCreateCommand(t *testing.T, when spec.G, it spec.S) {
 						defaultNamespacedServiceAccount,
 					},
 					Args: []string{secretName, "--git-url", gitRepo, "--git-ssh-key", gitSshFile, "-n", namespace},
-					ExpectedOutput: `Secret "my-git-ssh-cred" created
+					ExpectedOutput: `Secret "my-git-ssh-cred" created for [email protected]
 `,
 					ExpectCreates: []runtime.Object{
 						expectedGitSecret,
@@ -298,7 +338,7 @@ func testSecretCreateCommand(t *testing.T, when spec.G, it spec.S) {
 						defaultNamespacedServiceAccount,
 					},
 					Args: []string{secretName, "--git-url", gitRepo, "--git-user", gitUser, "-n", namespace},
-					ExpectedOutput: `Secret "my-git-basic-cred" created
+					ExpectedOutput: `Secret "my-git-basic-cred" created for https://github.com
 `,
 					ExpectCreates: []runtime.Object{
 						expectedGitSecret,
@@ -339,7 +379,7 @@ func testSecretCreateCommand(t *testing.T, when spec.G, it spec.S) {
 						defaultServiceAccount,
 					},
 					Args: []string{secretName, "--dockerhub", dockerhubId},
-					ExpectedOutput: `Secret "my-docker-cred" created
+					ExpectedOutput: `Secret "my-docker-cred" created for https://index.docker.io/v1/
 `,
 					ExpectCreates: []runtime.Object{
 						expectedDockerSecret,
@@ -379,7 +419,7 @@ func testSecretCreateCommand(t *testing.T, when spec.G, it spec.S) {
 						defaultServiceAccount,
 					},
 					Args: []string{secretName, "--registry", registry, "--registry-user", registryUser},
-					ExpectedOutput: `Secret "my-registry-cred" created
+					ExpectedOutput: `Secret "my-registry-cred" created for my-registry.io
 `,
 					ExpectCreates: []runtime.Object{
 						expectedDockerSecret,
@@ -417,7 +457,7 @@ func testSecretCreateCommand(t *testing.T, when spec.G, it spec.S) {
 						defaultServiceAccount,
 					},
 					Args: []string{secretName, "--gcr", gcrServiceAccountFile},
-					ExpectedOutput: `Secret "my-gcr-cred" created
+					ExpectedOutput: `Secret "my-gcr-cred" created for gcr.io
 `,
 					ExpectCreates: []runtime.Object{
 						expectedDockerSecret,
@@ -458,7 +498,7 @@ func testSecretCreateCommand(t *testing.T, when spec.G, it spec.S) {
 						defaultServiceAccount,
 					},
 					Args: []string{secretName, "--git-url", gitRepo, "--git-ssh-key", gitSshFile},
-					ExpectedOutput: `Secret "my-git-ssh-cred" created
+					ExpectedOutput: `Secret "my-git-ssh-cred" created for [email protected]
 `,
 					ExpectCreates: []runtime.Object{
 						expectedGitSecret,
@@ -501,7 +541,7 @@ func testSecretCreateCommand(t *testing.T, when spec.G, it spec.S) {
 						defaultServiceAccount,
 					},
 					Args: []string{secretName, "--git-url", gitRepo, "--git-user", gitUser},
-					ExpectedOutput: `Secret "my-git-basic-cred" created
+					ExpectedOutput: `Secret "my-git-basic-cred" created for https://github.com
 `,
 					ExpectCreates: []runtime.Object{
 						expectedGitSecret,
@@ -650,7 +690,7 @@ secrets:
 					"--dockerhub", "my-dockerhub-id",
 					"--dry-run",
 				},
-				ExpectedOutput: `Secret "my-docker-cred" created (dry run)
+				ExpectedOutput: `Secret "my-docker-cred" created for https://index.docker.io/v1/ (dry run)
 `,
 			}.TestK8s(t, cmdFunc)
 		})

diff --git a/pkg/secret/factory.go b/pkg/secret/factory.go
@@ -5,12 +5,12 @@ package secret
 
 import (
 	"encoding/json"
-	"io/ioutil"
+	"github.com/google/go-containerregistry/pkg/name"
+	"os"
 	"sort"
 	"strings"
 
 	"github.com/google/go-containerregistry/pkg/authn"
-	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -161,7 +161,7 @@ func (f *Factory) makeDockerhubSecret(name, namespace string) (*corev1.Secret, s
 }
 
 func (f *Factory) makeGcrSecret(name string, namespace string) (*corev1.Secret, string, error) {
-	password, err := ioutil.ReadFile(f.GcrServiceAccountFile)
+	password, err := os.ReadFile(f.GcrServiceAccountFile)
 	if err != nil {
 		return nil, "", err
 	}
@@ -195,18 +195,22 @@ func (f *Factory) makeRegistrySecret(secretName string, namespace string) (*core
 		return nil, "", err
 	}
 
-	reg := f.Registry
+	registry := f.Registry
 	// Handle path in registry
-	if strings.ContainsRune(reg, '/') {
-		r, err := name.NewRepository(reg, name.WeakValidation)
-		if err != nil {
-			return nil, "", err
+	if strings.ContainsRune(registry, '/') {
+		if strings.Contains(registry, "index.docker.io") {
+			registry = DockerhubUrl
+		} else {
+			r, err := name.NewRepository(registry, name.WeakValidation)
+			if err != nil {
+				return nil, "", err
+			}
+			registry = r.RegistryStr()
 		}
-		reg = r.RegistryStr()
 	}
 
 	configJson := DockerConfigJson{Auths: DockerCredentials{
-		reg: authn.AuthConfig{
+		registry: authn.AuthConfig{
 			Username: f.RegistryUser,
 			Password: password,
 		},
@@ -229,7 +233,7 @@ func (f *Factory) makeRegistrySecret(secretName string, namespace string) (*core
 }
 
 func (f *Factory) makeGitSshSecret(name string, namespace string) (*corev1.Secret, string, error) {
-	password, err := ioutil.ReadFile(f.GitSshKeyFile)
+	password, err := os.ReadFile(f.GitSshKeyFile)
 	if err != nil {
 		return nil, "", err
 	}