-
Notifications
You must be signed in to change notification settings - Fork 691
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix support for non-strict scopes when using --raw #276
Fix support for non-strict scopes when using --raw #276
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
Commented inline.
BTW, that's why I like Go; the language itself makes you roll your eyes but it makes it really easy for people unfamiliar with the codebase (and the language itself!) to contribute.
cmd/kubeseal/main.go
Outdated
if secretName == "" { | ||
return fmt.Errorf("must provide the --name flag with --raw") | ||
|
||
switch sealingScope { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have mixed feelings about the warning.
The --raw command is also intended to be a hook for automation (custom shell scripts or IDE integration) so it's possible that a --name flag will be passed regardless of the scope.
I don't think it's worth complicating such scripts so they "know" that they have to remove the --name flag depending on the scope
The scopes strictly ordered so this could be written also as:
if ns == "" && sealingScope < ssv1alpha1.ClusterWideScope {
return fmt.Errorf("must provide the --namespace flag with --raw and --scope %s", sealingScope)
}
if name == "" && sealingScope < ssv1alpha1.NamespaceWideScope {
return fmt.Errorf("must provide the --name flag with --raw and --scope %s", sealingScope)
}
The sealingScope variable already defaults to strict. The invariant is implemented in the ssv1alpha1 package.
(Please double-check; I might have fat-fingered something, typing this on my phone from a hospital bed)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks - much cleaner and agreed re: your thinking on the warnings.
bors r+ |
276: Fix support for non-strict scopes when using --raw r=mkmik a=ajcann Allows the use of --raw without specifying secret name and namespace for cluster-wide scope and without specifying secret name for namespace-wide scope. Warns if secret name is provided when using non-strict scope. (Note: I've never written a lick of Golang before so please feel free to discard with impunity :) ) Co-authored-by: Andrew Cann <ajcann@gmail.com>
Thanks! |
Build succeeded |
Allows the use of --raw without specifying secret name and namespace for cluster-wide scope and without specifying secret name for namespace-wide scope. Warns if secret name is provided when using non-strict scope.
(Note: I've never written a lick of Golang before so please feel free to discard with impunity :) )