-
Notifications
You must be signed in to change notification settings - Fork 112
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate all referenced secrets #389
Validate all referenced secrets #389
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I personally think the check logic could be rewritten a bit for readability and reduced loop iterations.
for _, secret := range list.Items { | ||
secretNamesLength := len(secretNames) | ||
for i := 0; i < secretNamesLength; i++ { | ||
if secret.Name == secretNames[i] { | ||
// remove item from array | ||
secretNamesLength-- | ||
secretNames[i] = secretNames[secretNamesLength] | ||
secretNames[secretNamesLength] = "" | ||
secretNames = secretNames[:secretNamesLength] | ||
|
||
// decrease i | ||
i-- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be honest, it took me two passes to follow the logic. I think touching the loop index variable (i
) by manually decreasing it, that was part of the confusion to me. As a suggestion: We could make it easier to read and reduce the nested loops by translating it to two simple loops and a lookup.
Also, the error message only showed one of the missing secrets, not all. The suggestion includes a fix idea for that, too.
for _, secret := range list.Items { | |
secretNamesLength := len(secretNames) | |
for i := 0; i < secretNamesLength; i++ { | |
if secret.Name == secretNames[i] { | |
// remove item from array | |
secretNamesLength-- | |
secretNames[i] = secretNames[secretNamesLength] | |
secretNames[secretNamesLength] = "" | |
secretNames = secretNames[:secretNamesLength] | |
// decrease i | |
i-- | |
var lookUp = map[string]bool{} | |
for _, secretName := range secretNames { | |
lookUp[secretName] = false | |
} | |
for _, secret := range list.Items { | |
lookUp[secret.Name] = true | |
} | |
var missingSecrets = []string{} | |
for name, found := range lookUp { | |
if !found { | |
missingSecrets = append(missingSecrets, name) | |
} | |
} | |
if len(missingSecrets) > 0 { | |
return fmt.Errorf("required secrets not found: %s", strings.Join(missingSecrets, ", ")) | |
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I am still struggling with the lack of collection streaming in Go. I'm going to change it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. I retained the error message as this is used already in downstream documentation.
07ca4dd
to
1ea9eb8
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: zhangtbj The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
While playing around, I noticed that the source secret is not validated. The code then showed me that only the output secret is validated. I added the validation for the source secret as well as the image builder secret.