-
Notifications
You must be signed in to change notification settings - Fork 485
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update view-secrets references #287
Update view-secrets references #287
Conversation
Welcome @elsesiy! |
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/check-cla |
🤖 Beep beep! I’m a robot speaking on behalf of @ahmetb. 🤖 This pull request doesn't seem to be a straightforward version bump. I'll have a human review this. Why wasn't this detected as a plugin version bump:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey! So cool that you take over maintaining this plugin.
In general this looks good. However I would recommend to keep the output backwards-compatible. Right now, if I run the old version without arguments, I get a list of keys in the secret. On the other hand, the new version will decode all fields right away and prefix the result with key=<decoded>
.
Did you have a particular reason to change this behavior?
+1 for version/syntax parity. We don't know how many users exist out there, but if we can get the same syntax (or an error that shows the new syntax gracefully) we should wait on flipping the plugin manifest (this PR). |
@corneliusweig @ahmetb My bad, I didn't even notice this because I didn't spend too much time trying to use the current version. In general I'm happy to add this but this somewhat changes how I anticipated using this plugin. Even though there might be instances where specifying the key makes sense, I see it more as an optional and not a mandatory attribute as this changes the workflow again to:
I wanted to achieve simplicity by removing the friction of having to specifically providing either |
We should keep the name the same, since I won't maintain view-secret anymore. Is it not at all possible to accommodate something like:
at the same time? -n/--namespace should still exist separately. |
I think that works. Another approach could be to use |
I don't follow, what does --all do? |
|
Why do you need —all? Existing plugin already prints all keys in a secret without needing any argument. Please try the existing plugin first. 🙃 |
Yes I've seen the current plugin, |
Yeah in case that makes sense. —all can print all secrets in the ns in k=v format. |
So just to clarify to avoid misunderstandings about the semantics of Is that correct? |
@corneliusweig yes that's exactly how I implemented it now to ensure backward-compatibility but also allow for easy decoding of all contents of a secret. I'll publish it as |
@elsesiy If you are revisiting your plugin, also consider if you really need the "k8s.io/cli-runtime/pkg/genericclioptions" and "k8s.io/utils/pointer" dependencies. You are not really making use of those, because you are shelling out to kubectl and the flags don't get passed along. I think you can make your binaries smaller by removing those deps (8MB compressed is quite hefty for what you are doing). |
@corneliusweig Yeah I noticed that too and removed these dependencies too, thanks!! |
/hold |
🤖 Beep beep! I’m a robot speaking on behalf of @ahmetb. 🤖 This pull request doesn't seem to be a straightforward version bump. I'll have a human review this. Why wasn't this detected as a plugin version bump:
|
@corneliusweig @ahmetb I just pushed the changes as discussed, let me know if you have any remarks :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @elsesiy, I see that you've improved your rewrite quite a bit already. There are two more things that need to be discussed and maybe fixed.
-
When decoding a secret, you should not add a newline after the decoded value. Otherwise, the decoded content will have a newline and that makes a difference when used in a password, for example. (see Printing decoded secrets should not add a newline elsesiy/kubectl-view-secret#1)
-
The output is still not quite the same. When running this on a secret with several keys, I get
token ca.crt namespace
with your version, but the old implementation prints
Multiple sub keys found. Specify another argument, one of: -> ca.crt -> namespace -> token
The message guides users what to do next and makes clear that what comes after is not the decoded secret. So your implementation should do that too.
🤖 Beep beep! I’m a robot speaking on behalf of @ahmetb. 🤖 This pull request doesn't seem to be a straightforward version bump. I'll have a human review this. Why wasn't this detected as a plugin version bump:
|
@corneliusweig @ahmetb Alright, I changed the format to the original output format, log info messages to |
@elsesiy great, this looks pretty good now! Thanks for bearing with us through this lengthy review round and for taking over maintenance of this plugin! /approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: corneliusweig, elsesiy The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/hold cancel |
@corneliusweig Thank you, it was a good experience and sorry for not paying too much attention to the backwards-compatibility from the beginning! Won't happen again :) I think the |
I'll send a PR to re-generate that, you can do as well if you like. |
Hi,
as announced to @ahmetb here, I re-wrote the
view-secrets
plugin.This PR changes the existing references to the new repo.