allow secrets with "." characters to be used in builds

Jim Minter · Jim Minter · commit 78bfc0c85bf9 · 2017-08-23T19:19:12.000-05:00
diff --git a/pkg/build/controller/strategy/util.go b/pkg/build/controller/strategy/util.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"path/filepath"
 	"strconv"
+	"strings"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kvalidation "k8s.io/apimachinery/pkg/util/validation"
@@ -93,7 +94,11 @@ func setupDockerSocket(pod *v1.Pod) {
 // mountSecretVolume is a helper method responsible for actual mounting secret
 // volumes into a pod.
 func mountSecretVolume(pod *v1.Pod, container *v1.Container, secretName, mountPath, volumeSuffix string) {
-	volumeName := namer.GetName(secretName, volumeSuffix, kvalidation.DNS1123SubdomainMaxLength)
+	volumeName := namer.GetName(secretName, volumeSuffix, kvalidation.DNS1123LabelMaxLength)
+
+	// coerce from RFC1123 subdomain to RFC1123 label.
+	volumeName = strings.Replace(volumeName, ".", "-", -1)
+
 	volumeExists := false
 	for _, v := range pod.Spec.Volumes {
 		if v.Name == volumeName {
diff --git a/pkg/build/controller/strategy/util_test.go b/pkg/build/controller/strategy/util_test.go
@@ -81,7 +81,7 @@ func TestSetupDockerSecrets(t *testing.T) {
 	}
 
 	pushSecret := &kapi.LocalObjectReference{
-		Name: "pushSecret",
+		Name: "my.pushSecret.with.full.stops.and.longer.than.sixty.three.characters",
 	}
 	pullSecret := &kapi.LocalObjectReference{
 		Name: "pullSecret",
@@ -106,6 +106,13 @@ func TestSetupDockerSecrets(t *testing.T) {
 		seenName[v.Name] = true
 	}
 
+	if !seenName["my-pushSecret-with-full-stops-and-longer-than-six-c6eb4d75-push"] {
+		t.Errorf("volume my-pushSecret-with-full-stops-and-longer-than-six-c6eb4d75-push was not seen")
+	}
+	if !seenName["pullSecret-pull"] {
+		t.Errorf("volume pullSecret-pull was not seen")
+	}
+
 	seenMount := map[string]bool{}
 	seenMountPath := map[string]bool{}
 	for _, m := range pod.Spec.Containers[0].VolumeMounts {
@@ -119,6 +126,13 @@ func TestSetupDockerSecrets(t *testing.T) {
 		}
 		seenMountPath[m.Name] = true
 	}
+
+	if !seenMount["my-pushSecret-with-full-stops-and-longer-than-six-c6eb4d75-push"] {
+		t.Errorf("volumemount my-pushSecret-with-full-stops-and-longer-than-six-c6eb4d75-push was not seen")
+	}
+	if !seenMount["pullSecret-pull"] {
+		t.Errorf("volumemount pullSecret-pull was not seen")
+	}
 }
 
 func TestCopyEnvVarSlice(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ func TestSetupDockerSecrets(t *testing.T) {`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`pushSecret := &kapi.LocalObjectReference{`
`84`		`- Name: "pushSecret",`
	`84`	`+ Name: "my.pushSecret.with.full.stops.and.longer.than.sixty.three.characters",`
`85`	`85`	`}`
`86`	`86`	`pullSecret := &kapi.LocalObjectReference{`
`87`	`87`	`Name: "pullSecret",`
`@@ -106,6 +106,13 @@ func TestSetupDockerSecrets(t *testing.T) {`
`106`	`106`	`seenName[v.Name] = true`
`107`	`107`	`}`
`108`	`108`
	`109`	`+ if !seenName["my-pushSecret-with-full-stops-and-longer-than-six-c6eb4d75-push"] {`
	`110`	`+ t.Errorf("volume my-pushSecret-with-full-stops-and-longer-than-six-c6eb4d75-push was not seen")`
	`111`	`+ }`
	`112`	`+ if !seenName["pullSecret-pull"] {`
	`113`	`+ t.Errorf("volume pullSecret-pull was not seen")`
	`114`	`+ }`
	`115`	`+`
`109`	`116`	`seenMount := map[string]bool{}`
`110`	`117`	`seenMountPath := map[string]bool{}`
`111`	`118`	`for _, m := range pod.Spec.Containers[0].VolumeMounts {`
`@@ -119,6 +126,13 @@ func TestSetupDockerSecrets(t *testing.T) {`
`119`	`126`	`}`
`120`	`127`	`seenMountPath[m.Name] = true`
`121`	`128`	`}`
	`129`	`+`
	`130`	`+ if !seenMount["my-pushSecret-with-full-stops-and-longer-than-six-c6eb4d75-push"] {`
	`131`	`+ t.Errorf("volumemount my-pushSecret-with-full-stops-and-longer-than-six-c6eb4d75-push was not seen")`
	`132`	`+ }`
	`133`	`+ if !seenMount["pullSecret-pull"] {`
	`134`	`+ t.Errorf("volumemount pullSecret-pull was not seen")`
	`135`	`+ }`
`122`	`136`	`}`
`123`	`137`
`124`	`138`	`func TestCopyEnvVarSlice(t *testing.T) {`