Rework Secrets in BuildConfig to use ObjectReference

[mfojtik]

No description provided.

[mfojtik]

Fixes: #2326

[mfojtik]

[test]

[openshift-bot]

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin/2323/)

[mfojtik]

@bparees @smarterclayton @liggitt PTAL

I will do follow up (change ObjectReference to LocalObjectReference or whatever will land in upstream).

[bparees]

lgtm.

[mfojtik]

@bparees just realized that I have to do validation for this.

[mfojtik]

@deads2k @bparees I reworked this to use the LocalObjectReference

[deads2k]

@smarterclayton you mentioned a rebase. That would obviate the need for the upstream patch. ETA?

[deads2k]

Add the requirement on the type of Secrets that are allowed to the comment.

[mfojtik]

good idea, I will also add description

[deads2k]

I think the only thing I'm worried about is validating the secret (#2347 (comment) and #2347 (comment)). After you've got that, lgtm

[liggitt]

I didn't think we could make changes like this... shouldn't this stay a string and be changed to a LocalObjectReference in conversion?

[smarterclayton]

It wasn't in long enough to qualify for API stability guarantees

On May 20, 2015, at 9:03 PM, Jordan Liggitt notifications@github.com wrote:

In pkg/build/api/v1beta1/types.go:

// the base64 encoded credentials. Supported auth methods are: ssh-privatekey.

• SourceSecretName string json:"sourceSecretName,omitempty" description:"supported auth methods are: ssh-privatekey
• SourceSecret *kapi.LocalObjectReference json:"sourceSecret,omitempty" description:"supported auth methods are: ssh-privatekey"
  I didn't think we could make changes like this... shouldn't this stay a string and be changed to a LocalObjectReference in conversion?

—
Reply to this email directly or view it on GitHub.

[liggitt]

ok, didn't know how long it had been there

[mfojtik]

@liggitt validation updated with Prefix(), thanks!

[mfojtik]

@deads2k to validate the secret, the Secret has to exist, right? What if I use PullSecret to reference a Secret that does not exists (yet)?

[deads2k]

to validate the secret, the Secret has to exist, right? What if I use PullSecret to reference a Secret that does not exists (yet)?

I'm not talking about validating during the creation. I'd like to see the check done at the point of usage. Otherwise, you're mounting a secret that won't work.

[mfojtik]

@deads2k gotcha

[mfojtik]

@deads2k the last issue that remains open here is validation of the Secret content and type that we agreed to no do during this sprint (or do it as follow-up). PTAL

[mfojtik]

I can't reproduce the Jenkins failure locally:

π ~/go/src/github.com/openshift/origin ./hack/test-go.sh pkg/build/api/v1
ok      github.com/openshift/origin/pkg/build/api/v1    0.009s

[mfojtik]

@deads2k fixed conversions, this should be now green a good to go.

[deads2k]

Trello card for validation: https://trello.com/c/9nCfbdn4/583-validate-secrets-in-buildconfig-future-build

[merge]

[openshift-bot]

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_origin/2046/) (Image: devenv-fedora_1591)

[openshift-bot]

Evaluated for origin up to 35aa9d9