feat: add remove secret command

(cherry picked from commit 63d44f5)

chore: fix for lint

(cherry picked from commit 21edcd0)

fix: correct lint issues

(cherry picked from commit 0c87856)

fix: Resolve conversations

(cherry picked from commit 9ee5ab3)

Author: yufeiminds

kustomize/commands/edit/remove/all.go

@@ -25,6 +25,9 @@ func NewCmdRemove(
 	# Removes one or more configmap from the kustomization file
 	kustomize edit remove configmap {name1},{name2}
 
+	# Removes one or more secret from the kustomization file
+	kustomize edit remove secret {name1},{name2}
+
 	# Removes one or more patches from the kustomization file
 	kustomize edit remove patch --path {filepath} --group {target group name} --version {target version}
 
@@ -41,6 +44,7 @@ func NewCmdRemove(
 	}
 	c.AddCommand(
 		newCmdRemoveConfigMap(fSys),
+		newCmdRemoveSecret(fSys),
 		newCmdRemoveResource(fSys),
 		newCmdRemoveLabel(fSys, v.MakeLabelNameValidator()),
 		newCmdRemoveAnnotation(fSys, v.MakeAnnotationNameValidator()),

kustomize/commands/edit/remove/removesecret.go

@@ -0,0 +1,92 @@
+// Copyright 2019 The Kubernetes Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package remove
+
+import (
+	"errors"
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/spf13/cobra"
+	"sigs.k8s.io/kustomize/api/konfig"
+	"sigs.k8s.io/kustomize/api/types"
+	"sigs.k8s.io/kustomize/kustomize/v4/commands/internal/kustfile"
+	"sigs.k8s.io/kustomize/kyaml/filesys"
+)
+
+type removeSecretOptions struct {
+	secretNamesToRemove []string
+}
+
+// newCmdRemoveSecret remove the name of a file containing a secret to the kustomization file.
+func newCmdRemoveSecret(fSys filesys.FileSystem) *cobra.Command {
+	var o removeSecretOptions
+
+	cmd := &cobra.Command{
+		Use: "secret",
+		Short: "Removes specified secret" +
+			konfig.DefaultKustomizationFileName(),
+		Example: `
+		remove secret my-secret
+		`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			err := o.Validate(args)
+			if err != nil {
+				return err
+			}
+			return o.RunRemoveSecret(fSys)
+		},
+	}
+	return cmd
+}
+
+// Validate validates removeSecret command.
+func (o *removeSecretOptions) Validate(args []string) error {
+	if len(args) == 0 {
+		return errors.New("must specify a Secret name")
+	}
+	if len(args) > 1 {
+		return fmt.Errorf("too many arguments: %s; to provide multiple Secrets to remove, please separate Secret names by commas", args)
+	}
+	o.secretNamesToRemove = strings.Split(args[0], ",")
+	return nil
+}
+
+// RunRemoveSecret runs Secret command (do real work).
+func (o *removeSecretOptions) RunRemoveSecret(fSys filesys.FileSystem) error {
+	mf, err := kustfile.NewKustomizationFile(fSys)
+	if err != nil {
+		return fmt.Errorf("could not read kustomization file: %w", err)
+	}
+
+	m, err := mf.Read()
+	if err != nil {
+		return fmt.Errorf("could not read kustomization file: %w", err)
+	}
+
+	foundSecrets := make(map[string]struct{})
+
+	newSecrets := make([]types.SecretArgs, 0, len(m.SecretGenerator))
+	for _, currentSecret := range m.SecretGenerator {
+		if kustfile.StringInSlice(currentSecret.Name, o.secretNamesToRemove) {
+			foundSecrets[currentSecret.Name] = struct{}{}
+			continue
+		}
+		newSecrets = append(newSecrets, currentSecret)
+	}
+
+	for _, name := range o.secretNamesToRemove {
+		if _, found := foundSecrets[name]; !found {
+			log.Printf("secret %s doesn't exist in kustomization file", name)
+		}
+	}
+	m.SecretGenerator = newSecrets
+
+	err = mf.Write(m)
+	if err != nil {
+		return fmt.Errorf("secret cannot write back to file, got %w", err)
+	}
+	return nil
+}

kustomize/commands/edit/remove/removesecret_test.go

@@ -0,0 +1,84 @@
+// Copyright 2019 The Kubernetes Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package remove //nolint:testpackage
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	testutils_test "sigs.k8s.io/kustomize/kustomize/v4/commands/internal/testutils"
+	"sigs.k8s.io/kustomize/kyaml/filesys"
+)
+
+func TestRemoveSecret(t *testing.T) {
+	const secretName01 = "example-secret-01"
+	const secretName02 = "example-secret-02"
+
+	tests := map[string]struct {
+		input       string
+		args        []string
+		expectedErr string
+	}{
+		"happy path": {
+			input: fmt.Sprintf(`
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+secretGenerator:
+- name: %s
+  files:
+  - longsecret.txt
+`, secretName01),
+			args: []string{secretName01},
+		},
+		"multiple": {
+			input: fmt.Sprintf(`
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+secretGenerator:
+- name: %s
+  files:
+  - longsecret.txt
+- name: %s
+  files:
+  - longsecret.txt
+`, secretName01, secretName02),
+			args: []string{
+				fmt.Sprintf("%s,%s", secretName01, secretName02),
+			},
+		},
+		"miss": {
+			input: fmt.Sprintf(`
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+secretGenerator:
+- name: %s
+  files:
+  - longsecret.txt
+`, secretName01),
+			args: []string{"foo"},
+		},
+	}
+
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			fSys := filesys.MakeFsInMemory()
+			testutils_test.WriteTestKustomizationWith(fSys, []byte(tc.input))
+			cmd := newCmdRemoveSecret(fSys)
+			err := cmd.RunE(cmd, tc.args)
+			if tc.expectedErr != "" {
+				assert.Error(t, err)
+				assert.Contains(t, err.Error(), tc.expectedErr)
+			} else {
+				assert.NoError(t, err)
+				content, err := testutils_test.ReadTestKustomization(fSys)
+				assert.NoError(t, err)
+				for _, opt := range strings.Split(tc.args[0], ",") {
+					assert.NotContains(t, string(content), opt)
+				}
+			}
+		})
+	}
+}