Bug 1571730

Summary: [svcat] `svcat provision(or bind) ` with optional flags `-s, --secret` failed
Product: OpenShift Container Platform Reporter: sunzhaohua <zhsun>
Component: Service CatalogAssignee: Jay Boyd <jaboyd>
Status: CLOSED NOTABUG QA Contact: sunzhaohua <zhsun>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.10.0CC: chezhang, jaboyd, jiazha, zitang
Target Milestone: ---   
Target Release: 3.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-27 20:05:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description sunzhaohua 2018-04-25 10:18:33 UTC
Description of problem:
`svcat provision ` with optional flags `-s, --secret` failed
`svcat bind ` with optional flags `-s, --secret` failed

Version-Release number of selected component (if applicable):
svcat:
client: v3.10.0-0.27.0;Upstream:v0.1.13
server: v1.10.0+b81c8f8

How reproducible:
Always

Steps to Reproduce:
1. create a broker ups-broker by https://github.com/kubernetes-incubator/service-catalog/tree/master/charts/ups-broker
2. create a secret,for example:
#oc  create secret generic my-secret --from-literal=username=QualityAssurance --from-literal=password=VHVFhPS5TEG8dud9
3. run `svcat provision ` with optional flags `-s, --secret`


Actual results:
provision failed.

$ svcat provision -n szh-project ups-instance8 --class user-provided-service --plan default  --secret my-secret[username]  
  Name:        ups-instance8          
  Namespace:   szh-project            
  Status:                             
  Class:       user-provided-service  
  Plan:        default                

Parameters:
  {}

$ svcat get instance
         NAME            NAMESPACE            CLASS            PLAN              STATUS           
+---------------------+-------------+-----------------------+---------+--------------------------+                  
  ups-instance8          szh-project   user-provided-service   default   ErrorWithParameters 

$ svcat describe instance ups-instance8
  Name:        ups-instance8                                                                                                                                                                                                           
  Namespace:   szh-project                                                                                                                                                                                                       
  Status:      ErrorWithParameters - failed to prepare parameters &RawExtension{Raw:*[123 125],}: failed to unmarshal parameters as JSON object: invalid character 'Q' looking for beginning of value @ 2018-04-25 05:29:43 +0000 UTC  
  Class:       user-provided service                                                                                                                                                                                                   
  Plan:        default                                                                                                                                                                                                                 

Parameters:
  {}

Bindings:
No bindings defined

$ oc describe serviceinstance.servicecatalog.k8s.io ups-instance8
Status:
  Async Op In Progress:  false
  Conditions:
    Last Transition Time:         2018-04-25T05:29:59Z
    Message:                      failed to prepare parameters &RawExtension{Raw:*[123 125],}: failed to unmarshal parameters as JSON object: invalid character 'Q' looking for beginning of value
    Reason:                       ErrorWithParameters
    Status:                       False
    Type:                         Ready
  Deprovision Status:             NotRequired
  Observed Generation:            1
  Orphan Mitigation In Progress:  false
  Provision Status:               
  Reconciled Generation:          0
Events:
  Type     Reason               Age                From                                Message
  ----     ------               ----               ----                                -------
  Warning  ErrorWithParameters  1m (x43 over 11m)  service-catalog-controller-manager  failed to prepare parameters &RawExtension{Raw:*[123 125],}: failed to unmarshal parameters as JSON object: invalid character 'Q' looking for beginning of value


Expected results:
 `svcat provision` with optional flags `-s, --secret`  successful.

Additional info:
 `svcat bind` with optional flags `-s, --secret`  has the same problem.

Comment 1 Jay Boyd 2018-04-27 20:05:33 UTC
The test case data for the secret is not valid, the secret's value must be valid json. See the details at https://github.com/kubernetes-incubator/service-catalog/blob/master/docs/parameters.md.  

The following example works:

create a file called my-secret.json with the following contents:
{
   "apiVersion":"v1",
   "kind":"Secret",
   "metadata":{
      "name":"my-secret",
      "namespace":"szh-project"
   },
   "type":"Opaque",
   "stringData":{
      "parameters":"{\"DATABASE_SERVICE_NAME\":\"postgresql\",\"MEMORY_LIMIT\":\"512Mi\",\"NAMESPACE\":\"openshift\",\"POSTGRESQL_DATABASE\":\"sampledb\",\"POSTGRESQL_VERSION\":\"9.5\",\"VOLUME_CAPACITY\":\"1Gi\"}"
   }
}


Create the secret with the following command:
$ kubectl create -f my-secret.json


View the secret, it should look something like this:
$ kubectl get secret mysecret -n szh-project -o yaml
apiVersion: v1
data:
  parameters: eyJEQVRBQkFTRV9TRVJWSUNFX05BTUUiOiJwb3N0Z3Jlc3FsIiwiTUVNT1JZX0xJTUlUIjoiNTEyTWkiLCJOQU1FU1BBQ0UiOiJvcGVuc2hpZnQiLCJQT1NUR1JFU1FMX0RBVEFCQVNFIjoic2FtcGxlZGIiLCJQT1NUR1JFU1FMX1ZFUlNJT04iOiI5LjUiLCJWT0xVTUVfQ0FQQUNJVFkiOiIxR2kifQ==
kind: Secret
metadata:
  creationTimestamp: 2018-04-27T19:22:00Z
  name: mysecret
  namespace: szh-project
  resourceVersion: "5496"
  selfLink: /api/v1/namespaces/szh-project/secrets/mysecret
  uid: 4261fbe7-4a50-11e8-b7dc-c85b76aab8ec
type: Opaque



Provision a service instance with it:
$ svcat provision -n szh-project ups-instance8 --class user-provided-service --plan default  --secret mysecret[parameters]



They key name (parameters) must match the key used in the my-secret.json.

This appears to work correctly, I'm going to close as not a bug.  I am creating a PR to help clarify the documentation upstream.