Correctly handle secret and configMap envs in kubectl describe

hack/test-cmd.sh

@@ -426,6 +426,46 @@ runTests() {
   # Post-condition: no POD exists
   kube::test::get_object_assert "pods -l'name in (valid-pod)'" '{{range.items}}{{$id_field}}:{{end}}' ''
 
+  # Detailed tests for describe pod output
+    ### Create a new namespace
+  # Pre-condition: the test-secrets namespace does not exist
+  kube::test::get_object_assert 'namespaces' '{{range.items}}{{ if eq $id_field \"test-kubectl-describe-pod\" }}found{{end}}{{end}}:' ':'
+  # Command
+  kubectl create namespace test-kubectl-describe-pod
+  # Post-condition: namespace 'test-secrets' is created.
+  kube::test::get_object_assert 'namespaces/test-kubectl-describe-pod' "{{$id_field}}" 'test-kubectl-describe-pod'
+
+  ### Create a generic secret
+  # Pre-condition: no SECRET exists
+  kube::test::get_object_assert 'secrets --namespace=test-kubectl-describe-pod' "{{range.items}}{{$id_field}}:{{end}}" ''
+  # Command
+  kubectl create secret generic test-secret --from-literal=key-1=value1 --type=test-type --namespace=test-kubectl-describe-pod
+  # Post-condition: secret exists and has expected values
+  kube::test::get_object_assert 'secret/test-secret --namespace=test-kubectl-describe-pod' "{{$id_field}}" 'test-secret'
+  kube::test::get_object_assert 'secret/test-secret --namespace=test-kubectl-describe-pod' "{{$secret_type}}" 'test-type'
+
+  ### Create a generic configmap
+  # Pre-condition: no CONFIGMAP exists
+  kube::test::get_object_assert 'configmaps --namespace=test-kubectl-describe-pod' "{{range.items}}{{$id_field}}:{{end}}" ''
+  # Command
+  kubectl create configmap test-configmap --from-literal=key-2=value2 --namespace=test-kubectl-describe-pod
+  # Post-condition: configmap exists and has expected values
+  kube::test::get_object_assert 'configmap/test-configmap --namespace=test-kubectl-describe-pod' "{{$id_field}}" 'test-configmap'
+
+  # Create a pod that consumes secret, configmap, and downward API keys as envs
+  kube::test::get_object_assert 'pods --namespace=test-kubectl-describe-pod' "{{range.items}}{{$id_field}}:{{end}}" ''
+  kubectl create -f hack/testdata/pod-with-api-env.yaml --namespace=test-kubectl-describe-pod
+
+  kube::test::describe_object_assert 'pods --namespace=test-kubectl-describe-pod' 'env-test-pod' "TEST_CMD_1" "<set to the key 'key-1' in secret 'test-secret'>" "TEST_CMD_2" "<set to the key 'key-2' of config map 'test-configmap'>" "TEST_CMD_3" "env-test-pod (v1:metadata.name)"
+  # Describe command (resource only) should print detailed information about environment variables
+  kube::test::describe_resource_assert 'pods --namespace=test-kubectl-describe-pod' "TEST_CMD_1" "<set to the key 'key-1' in secret 'test-secret'>" "TEST_CMD_2" "<set to the key 'key-2' of config map 'test-configmap'>" "TEST_CMD_3" "env-test-pod (v1:metadata.name)"
+
+  # Clean-up
+  kubectl delete pod env-test-pod --namespace=test-kubectl-describe-pod
+  kubectl delete secret test-secret --namespace=test-kubectl-describe-pod
+  kubectl delete configmap test-configmap --namespace=test-kubectl-describe-pod
+  kubectl delete namespace test-kubectl-describe-pod
+
   ### Create two PODs
   # Pre-condition: no POD exists
   create_and_use_new_namespace

hack/testdata/pod-with-api-env.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: env-test-pod
+spec:
+  containers:
+    - name: test-container
+      image: gcr.io/google_containers/busybox
+      command: [ "/bin/sh", "-c", "env" ]
+      env:
+        - name: TEST_CMD_1
+          valueFrom:
+            secretKeyRef:
+              name: test-secret
+              key: key-1
+        - name: TEST_CMD_2
+          valueFrom:
+            configMapKeyRef:
+              name: test-configmap
+              key: key-2
+        - name: TEST_CMD_3
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+  restartPolicy: Never

pkg/kubectl/describe.go

@@ -856,14 +856,22 @@ func describeContainers(containers []api.Container, containerStatuses []api.Cont
 		}
 		fmt.Fprintf(out, "    Environment Variables:%s\n", none)
 		for _, e := range container.Env {
-			if e.ValueFrom != nil && e.ValueFrom.FieldRef != nil {
+			if e.ValueFrom == nil {
+				fmt.Fprintf(out, "      %s:\t%s\n", e.Name, e.Value)
+				continue
+			}
+
+			switch {
+			case e.ValueFrom.FieldRef != nil:
 				var valueFrom string
 				if resolverFn != nil {
 					valueFrom = resolverFn(e)
 				}
 				fmt.Fprintf(out, "      %s:\t%s (%s:%s)\n", e.Name, valueFrom, e.ValueFrom.FieldRef.APIVersion, e.ValueFrom.FieldRef.FieldPath)
-			} else {
-				fmt.Fprintf(out, "      %s:\t%s\n", e.Name, e.Value)
+			case e.ValueFrom.SecretKeyRef != nil:
+				fmt.Fprintf(out, "      %s:\t<set to the key '%s' in secret '%s'>\n", e.Name, e.ValueFrom.SecretKeyRef.Key, e.ValueFrom.SecretKeyRef.Name)
+			case e.ValueFrom.ConfigMapKeyRef != nil:
+				fmt.Fprintf(out, "      %s:\t<set to the key '%s' of config map '%s'>\n", e.Name, e.ValueFrom.ConfigMapKeyRef.Key, e.ValueFrom.ConfigMapKeyRef.Name)
 			}
 		}
 	}