kube: rm secret on down, print secret on play

Signed-off-by: danishprakash <danish.prakash@suse.com>
2025-06-20 17:13:43 +08:00 · 2023-02-16 18:15:34 +05:30
parent 2e0ee6ed50
commit 2659a3228a
4 changed files with 71 additions and 0 deletions
--- a/cmd/podman/kube/play.go
+++ b/cmd/podman/kube/play.go
@ -333,6 +333,7 @@ func teardown(body io.Reader, options entities.PlayKubeDownOptions, quiet bool)
 		podStopErrors utils.OutputErrors
 		podRmErrors   utils.OutputErrors
 		volRmErrors   utils.OutputErrors
+		secRmErrors   utils.OutputErrors
 	)
 	reports, err := registry.ContainerEngine().PlayKubeDown(registry.GetContext(), body, options)
 	if err != nil {
@ -377,6 +378,24 @@ func teardown(body io.Reader, options entities.PlayKubeDownOptions, quiet bool)
 		fmt.Fprintf(os.Stderr, "Error: %s\n", lastPodRmError)
 	}

+	// Output rm'd volumes
+	if !quiet {
+		fmt.Println("Secrets removed:")
+	}
+	for _, removed := range reports.SecretRmReport {
+		switch {
+		case removed.Err != nil:
+			secRmErrors = append(secRmErrors, removed.Err)
+		case quiet:
+		default:
+			fmt.Println(removed.ID)
+		}
+	}
+	lastSecretRmError := secRmErrors.PrintErrors()
+	if lastPodRmError != nil {
+		fmt.Fprintf(os.Stderr, "Error: %s\n", lastSecretRmError)
+	}
+
 	// Output rm'd volumes
 	if !quiet {
 		fmt.Println("Volumes removed:")
@ -407,6 +426,14 @@ func kubeplay(body io.Reader) error {
 		fmt.Println(volume.Name)
 	}

+	// Print secrets report
+	for i, secret := range report.Secrets {
+		if i == 0 {
+			fmt.Println("Secrets:")
+		}
+		fmt.Println(secret.CreateReport.ID)
+	}
+
 	// Print pods report
 	for _, pod := range report.Pods {
 		for _, l := range pod.Logs {
--- a/pkg/domain/entities/play.go
+++ b/pkg/domain/entities/play.go
@ -110,6 +110,7 @@ type PlayKubeTeardown struct {
 	StopReport     []*PodStopReport
 	RmReport       []*PodRmReport
 	VolumeRmReport []*VolumeRmReport
+	SecretRmReport []*SecretRmReport
 }

 type PlaySecret struct {
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@ -1257,6 +1257,7 @@ func (ic *ContainerEngine) PlayKubeDown(ctx context.Context, body io.Reader, opt
 	var (
 		podNames    []string
 		volumeNames []string
+		secretNames []string
 	)
 	reports := new(entities.PlayKubeReport)

@ -1313,6 +1314,12 @@ func (ic *ContainerEngine) PlayKubeDown(ctx context.Context, body io.Reader, opt
 				return nil, fmt.Errorf("unable to read YAML as Kube PersistentVolumeClaim: %w", err)
 			}
 			volumeNames = append(volumeNames, pvcYAML.Name)
+		case "Secret":
+			var secret v1.Secret
+			if err := yaml.Unmarshal(document, &secret); err != nil {
+				return nil, fmt.Errorf("unable to read YAML as Kube Secret: %w", err)
+			}
+			secretNames = append(secretNames, secret.Name)
 		default:
 			continue
 		}
@ -1329,6 +1336,11 @@ func (ic *ContainerEngine) PlayKubeDown(ctx context.Context, body io.Reader, opt
 		return nil, err
 	}

+	reports.SecretRmReport, err = ic.SecretRm(ctx, secretNames, entities.SecretRmOptions{})
+	if err != nil {
+		return nil, err
+	}
+
 	if options.Force {
 		reports.VolumeRmReport, err = ic.VolumeRm(ctx, volumeNames, entities.VolumeRmOptions{})
 		if err != nil {
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@ -1688,6 +1688,12 @@ func createAndTestSecret(podmanTest *PodmanTestIntegration, secretYamlString, se
 	secretList.WaitWithDefaultTimeout()
 	Expect(secretList).Should(Exit(0))
 	Expect(secretList.OutputToString()).Should(ContainSubstring(secretName))
+
+	// test if secret ID is printed once created
+	secretListQuiet := podmanTest.Podman([]string{"secret", "list", "--quiet"})
+	secretListQuiet.WaitWithDefaultTimeout()
+	Expect(secretListQuiet).Should(Exit(0))
+	Expect(kube.OutputToString()).Should(ContainSubstring(secretListQuiet.OutputToString()))
 }

 func deleteAndTestSecret(podmanTest *PodmanTestIntegration, secretName string) {
@ -3863,6 +3869,31 @@ invalid kube kind
 		Expect(checkls.OutputToStringArray()).To(BeEmpty())
 	})

+	It("podman play kube teardown with secret", func() {
+		err := writeYaml(secretYaml, kubeYaml)
+		Expect(err).ToNot(HaveOccurred())
+
+		kube := podmanTest.Podman([]string{"kube", "play", kubeYaml})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube).Should(Exit(0))
+
+		ls := podmanTest.Podman([]string{"secret", "ls", "--format", "{{.ID}}"})
+		ls.WaitWithDefaultTimeout()
+		Expect(ls).Should(Exit(0))
+		Expect(ls.OutputToStringArray()).To(HaveLen(1))
+
+		//	 teardown
+		teardown := podmanTest.Podman([]string{"kube", "down", kubeYaml})
+		teardown.WaitWithDefaultTimeout()
+		Expect(teardown).Should(Exit(0))
+		Expect(teardown.OutputToString()).Should(ContainSubstring(ls.OutputToString()))
+
+		checkls := podmanTest.Podman([]string{"secret", "ls", "--format", "'{{.ID}}'"})
+		checkls.WaitWithDefaultTimeout()
+		Expect(checkls).Should(Exit(0))
+		Expect(checkls.OutputToStringArray()).To(BeEmpty())
+	})
+
 	It("podman play kube teardown pod does not exist", func() {
 		//	 teardown
 		teardown := podmanTest.Podman([]string{"play", "kube", "--down", kubeYaml})