-
Notifications
You must be signed in to change notification settings - Fork 102
Only redact Kinds starting "Secret.", avoiding SealedSecret and similar #78
Only redact Kinds starting "Secret.", avoiding SealedSecret and similar #78
Conversation
any reason not to just do if kind.startswith('Secret.') and len(self.args) == 2: ? that, after all, seems to be closer to what the code is intending, with the additional benefit of not causing a bug later if secrets are ever versioned at v2. |
2c4ebbb
to
a359d8b
Compare
Nope! That's definitely better. I've force pushed that change. |
It seems to me the failure arises because Why not check @torz you added this code - do you have a view ? Can we have tests for the various cases? |
@bboreham my interpretation is that the previous code falsely assumed that there would not be another kubernetes resource that contains the word "secret" as a substring. for example when debugging on this line we see that |
I can confirm that
in short, and at the least, this code seems to be that's why there's a the pattern seems to be:
|
Yes, this is what I thought was going on 👍
…On Wed, 13 Feb 2019, 05:13 Dimitri Mitropoulos, ***@***.***> wrote:
@bboreham <https://github.com/bboreham> my interpretation is that the
previous code falsely assumed that there would not be another kubernetes
resource that contains the word "secret". for example when debugging on
this line we see that kind has the value Secret.v1. for a kubernetes
Secret resource, and something like SealedSecret.v1. for a kubernetes
SealedSecret resource. This code will then wrongly take a codepath that was
written to handle Secrets for a SealedSecret. @puzza007
<https://github.com/puzza007> do you agree with that synopsis. I'm
running a test now with a SealedSecret to verify.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#78 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAAE_rl8tZ87rjubAvDkGJIem1aTSjgFks5vMug9gaJpZM4aW61N>
.
|
I believe what you call 'namespace' here, kubernetes calls 'group'. From https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get
Presumably neither type nor group are permitted to contain To Bryan's point though... what is |
It's trying to print out |
a359d8b
to
7c2dac6
Compare
Fixes the error below for e.g.
SealedSecret.v1alpha1.bitnami.com