Validate all referenced secrets #389
Conversation
| for _, secret := range list.Items { | ||
| secretNamesLength := len(secretNames) | ||
| for i := 0; i < secretNamesLength; i++ { | ||
| if secret.Name == secretNames[i] { | ||
| // remove item from array | ||
| secretNamesLength-- | ||
| secretNames[i] = secretNames[secretNamesLength] | ||
| secretNames[secretNamesLength] = "" | ||
| secretNames = secretNames[:secretNamesLength] | ||
|
|
||
| // decrease i | ||
| i-- |
There was a problem hiding this comment.
To be honest, it took me two passes to follow the logic. I think touching the loop index variable (i) by manually decreasing it, that was part of the confusion to me. As a suggestion: We could make it easier to read and reduce the nested loops by translating it to two simple loops and a lookup.
Also, the error message only showed one of the missing secrets, not all. The suggestion includes a fix idea for that, too.
| for _, secret := range list.Items { | |
| secretNamesLength := len(secretNames) | |
| for i := 0; i < secretNamesLength; i++ { | |
| if secret.Name == secretNames[i] { | |
| // remove item from array | |
| secretNamesLength-- | |
| secretNames[i] = secretNames[secretNamesLength] | |
| secretNames[secretNamesLength] = "" | |
| secretNames = secretNames[:secretNamesLength] | |
| // decrease i | |
| i-- | |
| var lookUp = map[string]bool{} | |
| for _, secretName := range secretNames { | |
| lookUp[secretName] = false | |
| } | |
| for _, secret := range list.Items { | |
| lookUp[secret.Name] = true | |
| } | |
| var missingSecrets = []string{} | |
| for name, found := range lookUp { | |
| if !found { | |
| missingSecrets = append(missingSecrets, name) | |
| } | |
| } | |
| if len(missingSecrets) > 0 { | |
| return fmt.Errorf("required secrets not found: %s", strings.Join(missingSecrets, ", ")) | |
| } |
There was a problem hiding this comment.
Yeah, I am still struggling with the lack of collection streaming in Go. I'm going to change it.
There was a problem hiding this comment.
Done. I retained the error message as this is used already in downstream documentation.
SaschaSchwarze0
force-pushed
the
sascha-secret-validation
branch
from
07ca4dd
to
1ea9eb8
Compare
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: zhangtbj The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
While playing around, I noticed that the source secret is not validated. The code then showed me that only the output secret is validated. I added the validation for the source secret as well as the image builder secret.