Merge pull request #5344 from stormqueen1990/feat/add-remove-secret-command

feat: add remove secret command

Author: k8s-ci-robot

kustomize/commands/edit/remove/all.go

@@ -25,6 +25,9 @@ func NewCmdRemove(
 	# Removes one or more configmap from the kustomization file
 	kustomize edit remove configmap {name1},{name2}
 
+	# Removes one or more secret from the kustomization file
+	kustomize edit remove secret {name1},{name2}
+
 	# Removes one or more patches from the kustomization file
 	kustomize edit remove patch --path {filepath} --group {target group name} --version {target version}
 
@@ -41,6 +44,7 @@ func NewCmdRemove(
 	}
 	c.AddCommand(
 		newCmdRemoveConfigMap(fSys),
+		newCmdRemoveSecret(fSys),
 		newCmdRemoveResource(fSys),
 		newCmdRemoveLabel(fSys, v.MakeLabelNameValidator()),
 		newCmdRemoveAnnotation(fSys, v.MakeAnnotationNameValidator()),

kustomize/commands/edit/remove/removesecret.go

@@ -0,0 +1,99 @@
+// Copyright 2023 The Kubernetes Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package remove
+
+import (
+	"errors"
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/spf13/cobra"
+	"sigs.k8s.io/kustomize/api/konfig"
+	"sigs.k8s.io/kustomize/api/types"
+	"sigs.k8s.io/kustomize/kustomize/v5/commands/internal/kustfile"
+	"sigs.k8s.io/kustomize/kyaml/filesys"
+)
+
+type removeSecretOptions struct {
+	secretNamesToRemove []string
+}
+
+// newCmdRemoveSecret removes secretGenerator(s) with the specified name(s).
+func newCmdRemoveSecret(fSys filesys.FileSystem) *cobra.Command {
+	var o removeSecretOptions
+
+	cmd := &cobra.Command{
+		Use: "secret",
+		Short: "Removes the specified secret(s) from " +
+			konfig.DefaultKustomizationFileName(),
+		Long: "",
+		Example: `
+		remove secret my-secret
+		`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			err := o.Validate(args)
+			if err != nil {
+				return err
+			}
+			return o.RunRemoveSecret(fSys)
+		},
+	}
+	return cmd
+}
+
+// Validate validates removeSecret command.
+func (o *removeSecretOptions) Validate(args []string) error {
+	switch {
+	case len(args) == 0:
+		return errors.New("at least one secret name must be specified")
+	case len(args) > 1:
+		return fmt.Errorf("too many arguments: %s; to provide multiple secrets to remove, please separate secret names by commas", args)
+	}
+
+	o.secretNamesToRemove = strings.Split(args[0], ",")
+	return nil
+}
+
+// RunRemoveSecret runs Secret command (do real work).
+func (o *removeSecretOptions) RunRemoveSecret(fSys filesys.FileSystem) error {
+	mf, err := kustfile.NewKustomizationFile(fSys)
+	if err != nil {
+		return fmt.Errorf("could not read kustomization file: %w", err)
+	}
+
+	m, err := mf.Read()
+	if err != nil {
+		return fmt.Errorf("could not read kustomization file contents: %w", err)
+	}
+
+	foundSecrets := make(map[string]struct{})
+
+	newSecrets := make([]types.SecretArgs, 0, len(m.SecretGenerator))
+	for _, currentSecret := range m.SecretGenerator {
+		if kustfile.StringInSlice(currentSecret.Name, o.secretNamesToRemove) {
+			foundSecrets[currentSecret.Name] = struct{}{}
+			continue
+		}
+		newSecrets = append(newSecrets, currentSecret)
+	}
+
+	if len(foundSecrets) == 0 {
+		return fmt.Errorf("no specified secret(s) were found in the %s file",
+			konfig.DefaultKustomizationFileName())
+	}
+
+	for _, name := range o.secretNamesToRemove {
+		if _, found := foundSecrets[name]; !found {
+			log.Printf("secret %s doesn't exist in kustomization file", name)
+		}
+	}
+	m.SecretGenerator = newSecrets
+
+	err = mf.Write(m)
+	if err != nil {
+		return fmt.Errorf("failed to write kustomization file: %w", err)
+	}
+	return nil
+}

kustomize/commands/edit/remove/removesecret_test.go

@@ -0,0 +1,116 @@
+// Copyright 2023 The Kubernetes Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package remove //nolint:testpackage
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	testutils_test "sigs.k8s.io/kustomize/kustomize/v5/commands/internal/testutils"
+	"sigs.k8s.io/kustomize/kyaml/filesys"
+)
+
+func TestRemoveSecret(t *testing.T) {
+	const secretName01 = "example-secret-01"
+	const secretName02 = "example-secret-02"
+
+	tests := map[string]struct {
+		input          string
+		args           []string
+		expectedOutput string
+		expectedErr    string
+	}{
+		"happy path": {
+			input: fmt.Sprintf(`
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+secretGenerator:
+- name: %s
+  files:
+  - longsecret.txt
+`, secretName01),
+			args: []string{secretName01},
+			expectedOutput: `
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+`,
+		},
+		"multiple": {
+			input: fmt.Sprintf(`
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+secretGenerator:
+- name: %s
+  files:
+  - longsecret.txt
+- name: %s
+  files:
+  - longsecret.txt
+`, secretName01, secretName02),
+			args: []string{
+				fmt.Sprintf("%s,%s", secretName01, secretName02),
+			},
+			expectedOutput: `
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+`,
+		},
+		"miss": {
+			input: fmt.Sprintf(`
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+secretGenerator:
+- name: %s
+  files:
+  - longsecret.txt
+`, secretName01),
+			args:        []string{"foo"},
+			expectedErr: "no specified secret(s) were found",
+		},
+		"no secret name specified": {
+			args:        []string{},
+			expectedErr: "at least one secret name must be specified",
+		},
+		"too many secret names specified": {
+			args:        []string{"test1", "test2"},
+			expectedErr: "too many arguments",
+		},
+		"one existing and one non-existing": {
+			input: fmt.Sprintf(`
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+secretGenerator:
+- name: %s
+  files:
+  - application.properties
+`, secretName01),
+			args: []string{fmt.Sprintf("%s,%s", secretName01, "foo")},
+			expectedOutput: `
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+`,
+		},
+	}
+
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			fSys := filesys.MakeFsInMemory()
+			testutils_test.WriteTestKustomizationWith(fSys, []byte(tc.input))
+			cmd := newCmdRemoveSecret(fSys)
+			err := cmd.RunE(cmd, tc.args)
+
+			if tc.expectedErr != "" {
+				require.Error(t, err)
+				require.Contains(t, err.Error(), tc.expectedErr)
+				return
+			}
+
+			require.NoError(t, err)
+			content, err := testutils_test.ReadTestKustomization(fSys)
+			require.NoError(t, err)
+			require.Equal(t, tc.expectedOutput, string(content))
+		})
+	}
+}