diff --git a/pkg/templateservicebroker/servicebroker/bind.go b/pkg/templateservicebroker/servicebroker/bind.go
index 1c4b4936ad60..8a634f04f2ef 100644
--- a/pkg/templateservicebroker/servicebroker/bind.go
+++ b/pkg/templateservicebroker/servicebroker/bind.go
@@ -12,6 +12,7 @@ import (
 "github.com/golang/glog"
 authorizationv1 "k8s.io/api/authorization/v1"
+ corev1 "k8s.io/api/core/v1"
 kerrors "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/api/meta"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -215,15 +216,26 @@ func (b *Broker) Bind(u user.Info, instanceID, bindingID string, breq *api.BindR
 return api.Forbidden(err)
 }
- obj, err := b.dynamicClient.Resource(mapping.Resource).Namespace(object.Ref.Namespace).Get(object.Ref.Name, metav1.GetOptions{})
+ unstructuredObj, err := b.dynamicClient.Resource(mapping.Resource).Namespace(object.Ref.Namespace).Get(object.Ref.Name, metav1.GetOptions{})
 if err != nil {
 return api.InternalServerError(err)
 }
- if obj.GetUID() != object.Ref.UID {
+ if unstructuredObj.GetUID() != object.Ref.UID {
 return api.InternalServerError(kerrors.NewNotFound(mapping.Resource.GroupResource(), object.Ref.Name))
 }
+ var obj runtime.Object = unstructuredObj
+ // TODO figure out how to fix this code to work generically. Right now it relies upon being able to fully decode a secret
+ if object.Ref.GroupVersionKind().GroupKind() == kapi.Kind("Secret") {
+ secretObj := &corev1.Secret{}
+ err := runtime.DefaultUnstructuredConverter.FromUnstructured(unstructuredObj.Object, secretObj)
+ if err != nil {
+ return api.InternalServerError(err)
+ }
+ obj = secretObj
+ }
+
 err = updateCredentialsForObject(credentials, obj)
 if err != nil {
 return api.InternalServerError(err)
diff --git a/pkg/templateservicebroker/servicebroker/bind_test.go b/pkg/templateservicebroker/servicebroker/bind_test.go
index 60bb7b732601..adfbf1cbd44a 100644
--- a/pkg/templateservicebroker/servicebroker/bind_test.go
+++ b/pkg/templateservicebroker/servicebroker/bind_test.go
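Review bot: In `Bind` (bind.go, second hunk) only objects whose kind is `Secret` are converted to a typed object before `updateCredentialsForObject`; every other kind is still passed as `*unstructured.Unstructured`, where byte fields are base64 strings, so credentials exposed from them may reach the binding consumer in the wrong encoding (inferred from the TODO and the skipped test in bind_test.go; `updateCredentialsForObject` is not visible here). The TODO should state that consequence, e.g. `// TODO: only Secret is decoded to its typed form; []byte fields of any other kind stay base64 strings in the unstructured object`. The inner `err :=` also shadows the outer `err`; `if err := runtime.DefaultUnstructuredConverter.FromUnstructured(unstructuredObj.Object, secretObj); err != nil {` keeps it scoped to the check. `Bind` starts and ends outside this hunk.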
@@ -9,6 +9,7 @@ import (
 faketemplatev1 "github.com/openshift/client-go/template/clientset/versioned/typed/template/v1/fake"
 templateapi "github.com/openshift/origin/pkg/template/apis/template"
 "github.com/openshift/origin/pkg/templateservicebroker/openservicebroker/api"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 authorizationv1 "k8s.io/api/authorization/v1"
 "k8s.io/apimachinery/pkg/api/errors"
@@ -141,6 +142,49 @@ func TestEvaluateJSONPathExpression(t *testing.T) {
 }
 }
+func TestBase64AndString(t *testing.T) {
+ t.Skip("this test is demonstrating the generic failure of the export value code for base64. You can't generic identify the base64 fields.")
+ data := []byte(`{
+ "apiVersion": "v1",
+ "data": {
+ "password": "c2VjcmV0Y3JlZHN5bmMK",
+ "username": "c2VjcmV0Y3JlZHN5bmMK"
+ },
+ "kind": "Secret",
+ "metadata": {
+ "labels": {
+ "credential.sync.jenkins.openshift.io": "true"
+ },
+ "name": "secret-to-credential"
+ },
+ "type": "Opaque"
+}`)
+
+ uncastObj, err := runtime.Decode(unstructured.UnstructuredJSONScheme, data)
+ if err != nil {
+ t.Fatal(err)
+ }
+ obj := uncastObj.(*unstructured.Unstructured)
+ t.Logf("%T", obj.Object["data"].(map[string]interface{})["password"])
+
+ actualString, err := evaluateJSONPathExpression(obj.Object, "dummy", "{.data.password}", false)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if e, a := "secretcredsync", actualString; e != a {
+ t.Errorf("expected %q, got %q", e, a)
+ }
+
+ actualStringAsBase64, err := evaluateJSONPathExpression(obj.Object, "dummy", "{.data.password}", true)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if e, a := "c2VjcmV0Y3JlZHN5bmMK", actualStringAsBase64; e != a {
+ t.Errorf("expected %q, got %q", e, a)
+ }
+
+}
+
 func TestDuplicateCredentialKeys(t *testing.T) {
 credentials := map[string]interface{}{}
 err := updateCredentialsForObject(credentials, &kapi.Secret{
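Review bot: The first assertion in `TestBase64AndString` cannot pass even once generic decoding works: the fixture value `c2VjcmV0Y3JlZHN5bmMK` decodes to `secretcredsync` followed by a newline, so the expectation should be `"secretcredsync\n"` (or the fixture should encode the string without the newline). Because `t.Skip` is the first statement, nothing in the function runs, and the Secret conversion added to `Bind` in bind.go has no test in this commit. A case that passes an unstructured Secret through the same conversion and checks the decoded credential would cover the path that returns secret material to the binding consumer.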