update TSB so that it can handle secrets, but it's still generically …

…broken
openshift · Jun 27, 2018 · ed3cecd · ed3cecd
1 parent dd5cd96
commit ed3cecd
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 2 deletions.
diff --git a/pkg/templateservicebroker/servicebroker/bind.go b/pkg/templateservicebroker/servicebroker/bind.go
@@ -12,6 +12,7 @@ import (
 	"github.com/golang/glog"
 
 	authorizationv1 "k8s.io/api/authorization/v1"
+	corev1 "k8s.io/api/core/v1"
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -215,15 +216,26 @@ func (b *Broker) Bind(u user.Info, instanceID, bindingID string, breq *api.BindR
 			return api.Forbidden(err)
 		}
 
-		obj, err := b.dynamicClient.Resource(mapping.Resource).Namespace(object.Ref.Namespace).Get(object.Ref.Name, metav1.GetOptions{})
+		unstructuredObj, err := b.dynamicClient.Resource(mapping.Resource).Namespace(object.Ref.Namespace).Get(object.Ref.Name, metav1.GetOptions{})
 		if err != nil {
 			return api.InternalServerError(err)
 		}
 
-		if obj.GetUID() != object.Ref.UID {
+		if unstructuredObj.GetUID() != object.Ref.UID {
 			return api.InternalServerError(kerrors.NewNotFound(mapping.Resource.GroupResource(), object.Ref.Name))
 		}
 
+		var obj runtime.Object = unstructuredObj
+		// TODO figure out how to fix this code to work generically.  Right now it relies upon being able to fully decode a secret
+		if object.Ref.GroupVersionKind().GroupKind() == kapi.Kind("Secret") {
+			secretObj := &corev1.Secret{}
+			err := runtime.DefaultUnstructuredConverter.FromUnstructured(unstructuredObj.Object, secretObj)
+			if err != nil {
+				return api.InternalServerError(err)
+			}
+			obj = secretObj
+		}
+
 		err = updateCredentialsForObject(credentials, obj)
 		if err != nil {
 			return api.InternalServerError(err)

diff --git a/pkg/templateservicebroker/servicebroker/bind_test.go b/pkg/templateservicebroker/servicebroker/bind_test.go
@@ -9,6 +9,7 @@ import (
 	faketemplatev1 "github.com/openshift/client-go/template/clientset/versioned/typed/template/v1/fake"
 	templateapi "github.com/openshift/origin/pkg/template/apis/template"
 	"github.com/openshift/origin/pkg/templateservicebroker/openservicebroker/api"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 
 	authorizationv1 "k8s.io/api/authorization/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -141,6 +142,49 @@ func TestEvaluateJSONPathExpression(t *testing.T) {
 	}
 }
 
+func TestBase64AndString(t *testing.T) {
+	t.Skip("this test is demonstrating the generic failure of the export value code for base64.  You can't generic identify the base64 fields.")
+	data := []byte(`{
+  "apiVersion": "v1",
+  "data": {
+    "password": "c2VjcmV0Y3JlZHN5bmMK",
+    "username": "c2VjcmV0Y3JlZHN5bmMK"
+  },
+  "kind": "Secret",
+  "metadata": {
+    "labels": {
+      "credential.sync.jenkins.openshift.io": "true"
+    },
+    "name": "secret-to-credential"
+  },
+  "type": "Opaque"
+}`)
+
+	uncastObj, err := runtime.Decode(unstructured.UnstructuredJSONScheme, data)
+	if err != nil {
+		t.Fatal(err)
+	}
+	obj := uncastObj.(*unstructured.Unstructured)
+	t.Logf("%T", obj.Object["data"].(map[string]interface{})["password"])
+
+	actualString, err := evaluateJSONPathExpression(obj.Object, "dummy", "{.data.password}", false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if e, a := "secretcredsync", actualString; e != a {
+		t.Errorf("expected %q, got %q", e, a)
+	}
+
+	actualStringAsBase64, err := evaluateJSONPathExpression(obj.Object, "dummy", "{.data.password}", true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if e, a := "c2VjcmV0Y3JlZHN5bmMK", actualStringAsBase64; e != a {
+		t.Errorf("expected %q, got %q", e, a)
+	}
+
+}
+
 func TestDuplicateCredentialKeys(t *testing.T) {
 	credentials := map[string]interface{}{}
 	err := updateCredentialsForObject(credentials, &kapi.Secret{