Change to avoid error when service account has empty secret name

Avoid pod-generation error when a service account has following empty named secret field secrets: - {}
tektoncd · Mar 3, 2021 · e43dc57 · e43dc57
1 parent 5f9e102
commit e43dc57
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/pkg/pod/creds_init.go b/pkg/pod/creds_init.go
@@ -73,6 +73,9 @@ func credsInit(ctx context.Context, serviceAccountName, namespace string, kubecl
 	var volumes []corev1.Volume
 	args := []string{}
 	for _, secretEntry := range sa.Secrets {
+		if secretEntry.Name == "" {
+			continue
+		}
 		secret, err := kubeclient.CoreV1().Secrets(namespace).Get(ctx, secretEntry.Name, metav1.GetOptions{})
 		if err != nil {
 			return nil, nil, nil, err

diff --git a/pkg/pod/creds_init_test.go b/pkg/pod/creds_init_test.go
@@ -222,6 +222,39 @@ func TestCredsInit(t *testing.T) {
 			MountPath: "/tekton/creds-secrets/foo.bar.com",
 		}},
 		ctx: context.Background(),
+	}, {
+		desc: "service account has empty-named secrets",
+		objs: []runtime.Object{
+			&corev1.ServiceAccount{
+				ObjectMeta: metav1.ObjectMeta{Name: serviceAccountName, Namespace: namespace},
+				Secrets: []corev1.ObjectReference{{
+					Name: "my-creds",
+				}, {}},
+			},
+			&corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "my-creds",
+					Namespace: namespace,
+					Annotations: map[string]string{
+						"tekton.dev/git-0": "github.com",
+					},
+				},
+				Type: "kubernetes.io/basic-auth",
+				Data: map[string][]byte{
+					"username": []byte("foo"),
+					"password": []byte("BestEver"),
+				},
+			},
+		},
+		envVars: []corev1.EnvVar{},
+		wantArgs: []string{
+			"-basic-git=my-creds=github.com",
+		},
+		wantVolumeMounts: []corev1.VolumeMount{{
+			Name:      "tekton-internal-secret-volume-my-creds-9l9zj",
+			MountPath: "/tekton/creds-secrets/my-creds",
+		}},
+		ctx: context.Background(),
 	}} {
 		t.Run(c.desc, func(t *testing.T) {
 			names.TestingSeed()