From 2659a3228a3b8e3b5671cd90b1ea49b11272d170 Mon Sep 17 00:00:00 2001
From: danishprakash <danish.prakash@suse.com>
Date: Thu, 16 Feb 2023 18:15:34 +0530
Subject: [PATCH] kube: rm secret on down, print secret on play

Signed-off-by: danishprakash <danish.prakash@suse.com>
---
 cmd/podman/kube/play.go      | 27 +++++++++++++++++++++++++++
 pkg/domain/entities/play.go  |  1 +
 pkg/domain/infra/abi/play.go | 12 ++++++++++++
 test/e2e/play_kube_test.go   | 31 +++++++++++++++++++++++++++++++
 4 files changed, 71 insertions(+)

diff --git a/cmd/podman/kube/play.go b/cmd/podman/kube/play.go
index 2e21074d02..84e64a8969 100644
--- a/cmd/podman/kube/play.go
+++ b/cmd/podman/kube/play.go
@@ -333,6 +333,7 @@ func teardown(body io.Reader, options entities.PlayKubeDownOptions, quiet bool)
 		podStopErrors utils.OutputErrors
 		podRmErrors   utils.OutputErrors
 		volRmErrors   utils.OutputErrors
+		secRmErrors   utils.OutputErrors
 	)
 	reports, err := registry.ContainerEngine().PlayKubeDown(registry.GetContext(), body, options)
 	if err != nil {
@@ -377,6 +378,24 @@ func teardown(body io.Reader, options entities.PlayKubeDownOptions, quiet bool)
 		fmt.Fprintf(os.Stderr, "Error: %s\n", lastPodRmError)
 	}
 
+	// Output rm'd volumes
+	if !quiet {
+		fmt.Println("Secrets removed:")
+	}
+	for _, removed := range reports.SecretRmReport {
+		switch {
+		case removed.Err != nil:
+			secRmErrors = append(secRmErrors, removed.Err)
+		case quiet:
+		default:
+			fmt.Println(removed.ID)
+		}
+	}
+	lastSecretRmError := secRmErrors.PrintErrors()
+	if lastPodRmError != nil {
+		fmt.Fprintf(os.Stderr, "Error: %s\n", lastSecretRmError)
+	}
+
 	// Output rm'd volumes
 	if !quiet {
 		fmt.Println("Volumes removed:")
@@ -407,6 +426,14 @@ func kubeplay(body io.Reader) error {
 		fmt.Println(volume.Name)
 	}
 
+	// Print secrets report
+	for i, secret := range report.Secrets {
+		if i == 0 {
+			fmt.Println("Secrets:")
+		}
+		fmt.Println(secret.CreateReport.ID)
+	}
+
 	// Print pods report
 	for _, pod := range report.Pods {
 		for _, l := range pod.Logs {
diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go
index bd14b29680..3f791ab2fa 100644
--- a/pkg/domain/entities/play.go
+++ b/pkg/domain/entities/play.go
@@ -110,6 +110,7 @@ type PlayKubeTeardown struct {
 	StopReport     []*PodStopReport
 	RmReport       []*PodRmReport
 	VolumeRmReport []*VolumeRmReport
+	SecretRmReport []*SecretRmReport
 }
 
 type PlaySecret struct {
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index b47ccba48b..7c34af34f8 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -1257,6 +1257,7 @@ func (ic *ContainerEngine) PlayKubeDown(ctx context.Context, body io.Reader, opt
 	var (
 		podNames    []string
 		volumeNames []string
+		secretNames []string
 	)
 	reports := new(entities.PlayKubeReport)
 
@@ -1313,6 +1314,12 @@ func (ic *ContainerEngine) PlayKubeDown(ctx context.Context, body io.Reader, opt
 				return nil, fmt.Errorf("unable to read YAML as Kube PersistentVolumeClaim: %w", err)
 			}
 			volumeNames = append(volumeNames, pvcYAML.Name)
+		case "Secret":
+			var secret v1.Secret
+			if err := yaml.Unmarshal(document, &secret); err != nil {
+				return nil, fmt.Errorf("unable to read YAML as Kube Secret: %w", err)
+			}
+			secretNames = append(secretNames, secret.Name)
 		default:
 			continue
 		}
@@ -1329,6 +1336,11 @@ func (ic *ContainerEngine) PlayKubeDown(ctx context.Context, body io.Reader, opt
 		return nil, err
 	}
 
+	reports.SecretRmReport, err = ic.SecretRm(ctx, secretNames, entities.SecretRmOptions{})
+	if err != nil {
+		return nil, err
+	}
+
 	if options.Force {
 		reports.VolumeRmReport, err = ic.VolumeRm(ctx, volumeNames, entities.VolumeRmOptions{})
 		if err != nil {
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 3b769f6278..ec71c4c955 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -1688,6 +1688,12 @@ func createAndTestSecret(podmanTest *PodmanTestIntegration, secretYamlString, se
 	secretList.WaitWithDefaultTimeout()
 	Expect(secretList).Should(Exit(0))
 	Expect(secretList.OutputToString()).Should(ContainSubstring(secretName))
+
+	// test if secret ID is printed once created
+	secretListQuiet := podmanTest.Podman([]string{"secret", "list", "--quiet"})
+	secretListQuiet.WaitWithDefaultTimeout()
+	Expect(secretListQuiet).Should(Exit(0))
+	Expect(kube.OutputToString()).Should(ContainSubstring(secretListQuiet.OutputToString()))
 }
 
 func deleteAndTestSecret(podmanTest *PodmanTestIntegration, secretName string) {
@@ -3863,6 +3869,31 @@ invalid kube kind
 		Expect(checkls.OutputToStringArray()).To(BeEmpty())
 	})
 
+	It("podman play kube teardown with secret", func() {
+		err := writeYaml(secretYaml, kubeYaml)
+		Expect(err).ToNot(HaveOccurred())
+
+		kube := podmanTest.Podman([]string{"kube", "play", kubeYaml})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube).Should(Exit(0))
+
+		ls := podmanTest.Podman([]string{"secret", "ls", "--format", "{{.ID}}"})
+		ls.WaitWithDefaultTimeout()
+		Expect(ls).Should(Exit(0))
+		Expect(ls.OutputToStringArray()).To(HaveLen(1))
+
+		//	 teardown
+		teardown := podmanTest.Podman([]string{"kube", "down", kubeYaml})
+		teardown.WaitWithDefaultTimeout()
+		Expect(teardown).Should(Exit(0))
+		Expect(teardown.OutputToString()).Should(ContainSubstring(ls.OutputToString()))
+
+		checkls := podmanTest.Podman([]string{"secret", "ls", "--format", "'{{.ID}}'"})
+		checkls.WaitWithDefaultTimeout()
+		Expect(checkls).Should(Exit(0))
+		Expect(checkls.OutputToStringArray()).To(BeEmpty())
+	})
+
 	It("podman play kube teardown pod does not exist", func() {
 		//	 teardown
 		teardown := podmanTest.Podman([]string{"play", "kube", "--down", kubeYaml})