1403376 – Linked secret remains in service account after deletion

Bug 1403376 - Linked secret remains in service account after deletion

Summary: Linked secret remains in service account after deletion

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Online
Classification:	Red Hat
Component:	oc
Sub Component:
Version:	3.x
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	low
Target Milestone:	---
Target Release:	---
Assignee:	Juan Vallejo
QA Contact:	XiaochuanWang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-12-09 20:55 UTC by Will Gordon
Modified:	2017-11-09 18:48 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-11-09 18:48:35 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Will Gordon 2016-12-09 20:55:37 UTC

Description of problem:
Creating a link for a secret to a service account, remains even after the secret is deleted

Version-Release number of selected component (if applicable):
OpenShift Online v3.3.1.3
OpenShift Origin v1.4.0-rc1+b4e0954


How reproducible:
Every time


Steps to Reproduce:
1. oc secrets new my-pull-secret .dockercfg=/Users/wgordon/.docker/config.json
2. oc secrets link default --for=pull my-pull-secret
3. oc delete secret my-pull-secret

Actual results:
dhcp129-127:~ wgordon$ oc describe sa default
Name:		default
Namespace:	wgordon
Labels:		<none>

Tokens:            	default-token-i0dd6
                   	default-token-xe2u5

Image pull secrets:	default-dockercfg-llqsl
                   	my-pull-secret

Mountable secrets: 	default-token-xe2u5
                   	default-dockercfg-llqsl

Expected results:
Name:		default
Namespace:	wgordon
Labels:		<none>

Image pull secrets:	default-dockercfg-llqsl

Mountable secrets: 	default-token-xe2u5
                   	default-dockercfg-llqsl

Tokens:            	default-token-i0dd6
                   	default-token-xe2u5

Additional info:

Comment 1 Will Gordon 2016-12-09 21:01:59 UTC

CLI version: oc v3.3.1.3

Comment 2 Juan Vallejo 2016-12-20 19:31:04 UTC

Related upstream PR: https://github.com/kubernetes/kubernetes/pull/39036

Comment 3 Juan Vallejo 2017-01-18 16:42:45 UTC

Upstream PR merged: https://github.com/kubernetes/kubernetes/pull/39036
Fix will be in origin in the next kubernetes rebase.

Tagging as UpcomingRelease

Comment 4 XiaochuanWang 2017-01-19 05:46:03 UTC

Still reproduced on v3.5.0.6+87f6173
Move it to MODIFIED,  better to move back when PR is rebased.


# oc secret link default --for=pull my-secret
# oc describe sa default
Name:		default
Namespace:	xiaocwan-p
Labels:		<none>

Image pull secrets:	default-dockercfg-pwj9m
                   	my-secret

Mountable secrets: 	default-token-xlpjz
                   	default-dockercfg-pwj9m

Tokens:            	default-token-26cc2
                   	default-token-xlpjz

# oc delete secret my-secret
secret "my-secret" deleted
# oc describe sa default
Name:		default
Namespace:	xiaocwan-p
Labels:		<none>

Image pull secrets:	default-dockercfg-pwj9m
                   	my-secret

Mountable secrets: 	default-token-xlpjz
                   	default-dockercfg-pwj9m

Tokens:            	default-token-26cc2

Comment 5 XiaochuanWang 2017-07-05 09:38:29 UTC

# oc secrets link default --for=pull my-secret
# oc delete secret my-secret
secret "my-secret" deleted
# oc describe sa default
Name:		default
Namespace:	xiaocwan-t
Labels:		<none>
Annotations:	<none>

Image pull secrets:	default-dockercfg-m384z
                   	my-secret (not found)

Mountable secrets: 	default-token-fnz54
                   	default-dockercfg-m384z

Tokens:            	default-token-fnz54
                   	default-token-xqn27

Tested on oc v3.6.133
kubernetes v1.6.1+5115d708d7

QE is checking many Modified bugs if they're verifiable. Because fixed, moving to Verified. If improper, pls correct me, thx.

Note You need to log in before you can comment on or make changes to this bug.