search

vmware-tanzu / tanzu-framework

Tanzu Framework provides a set of building blocks to build atop of the Tanzu platform and leverages Carvel packaging and plugins to provide users with a much stronger, more integrated experience than the loose coupling and stand-alone commands of the previous generation of tools.
Apache License 2.0
197 stars 194 forks source link

No secretExport is created using tanzu secret registry add --export-to-all-namespaces #1972

Open cmoulliard opened 2 years ago

cmoulliard commented 2 years ago

Bug description

According to the code of the tanzu client secret plugin a SecretGen object should be created when we use the option --export-to-all-namespaces - https://github.com/vmware-tanzu/tanzu-framework/blob/v0.11.1/pkg/v1/tkg/tkgpackageclient/registry_secret_add.go#L45-L50 but when I execute the following command, no SecretExport k8s object seems to be created.

tanzu secret registry add test-secret --server projects-stg.registry.vmware.com --username test-user --password test-pass --export-to-all-namespaces
I0401 07:13:26.720508    9202 request.go:665] Waited for 1.045185279s due to client-side throttling, not priority and fairness, request: GET:https://10.0.77.51:6443/apis/batch/v1beta1?timeout=32s
Warning: By choosing --export-to-all-namespaces, given secret contents will be available to ALL users in ALL namespaces. Please ensure that included registry credentials allow only read-only access to the registry with minimal necessary scope.

Are you sure you want to proceed? [y/N]: y

\ Adding registry secret 'test-secret'...
 Added registry secret 'test-secret' into namespace 'default'
 Exported registry secret 'test-secret' to all namespaces

kubectl get secret/test-secret
NAME          TYPE                             DATA   AGE
test-secret   kubernetes.io/dockerconfigjson   1      10s

kubectl get SecretExport -A
No resources found

Affected product area (please put an X in all that apply)

Expected behavior A secretGen k8s object should be created

Steps to reproduce the bug

tanzu secret registry add test-secret --server projects-stg.registry.vmware.com --username test-user --password test-pass --export-to-all-namespaces

Version (include the SHA if the version is not obvious)

tanzu version
version: v0.11.1
buildDate: 2022-02-14
sha: 4d578570
github-actions[bot] commented 2 years ago

Hey @cmoulliard! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Tanzu Framework.

cmoulliard commented 2 years ago

Got it. The k8s resource name to be used to find theSecretExport is 

kc get secretexport.secretgen.carvel.dev -A

This is nevertheless weird as the no shortname exist for the secretexport or secretimport and by consequence we must use the FQN secretexports.secretgen.carvel.dev

kubectl api-resources --api-group=secretgen.carvel.dev 
NAME            SHORTNAMES   APIVERSION                      NAMESPACED   KIND
secretexports                secretgen.carvel.dev/v1alpha1   true         SecretExport
secretimports                secretgen.carvel.dev/v1alpha1   true         SecretImport

AND

kubectl get secretexports -A
No resources found
vuil commented 1 year ago

@shyaamsn can you ptal and reassign as appropriate?