Bug 1880959
| Summary: | The examples in "oc secrets link/unlink" help doc is incorrect | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Liang Xia <lxia> |
| Component: | oc | Assignee: | Jan Chaloupka <jchaloup> |
| Status: | CLOSED ERRATA | QA Contact: | RamaKasturi <knarra> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 4.6 | CC: | aos-bugs, jokerman, knarra, mfojtik |
| Target Milestone: | --- | ||
| Target Release: | 4.6.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-27 16:42:58 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Verified bug with the payload below and i see that the help doc is incorrect.
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc version
Client Version: 4.6.0-0.nightly-2020-09-24-015627
Server Version: 4.6.0-0.nightly-2020-09-24-015627
Kubernetes Version: v1.19.0+fff8183
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc secrets link --help
Link secrets to a service account
Linking a secret enables a service account to automatically use that secret for some forms of authentication.
Usage:
oc secrets link serviceaccounts-name secret-name [another-secret-name]... [flags]
Examples:
# Add an image pull secret to a service account to automatically use it for pulling pod images:
oc secrets link serviceaccount-name pull-secret --for=pull
# Add an image pull secret to a service account to automatically use it for both pulling and pushing build images:
oc secrets link builder builder-image-secret --for=pull,mount
# If the cluster's serviceAccountConfig is operating with limitSecretReferences: True, secrets must be added to the
pod's service account whitelist in order to be available to the pod:
oc secrets link pod-sa pod-secret
Options:
--for=[mount]: type of secret to link: mount or pull
Use "oc options" for a list of global command-line options (applies to all commands).
[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc secrets unlink --help
Unlink (detach) secrets from a service account
If a secret is no longer valid for a pod, build or image pull, you may unlink it from a service account.
Usage:
oc secrets unlink serviceaccount-name secret-name [another-secret-name] ... [flags]
Examples:
# Unlink a secret currently associated with a service account:
oc secrets unlink serviceaccount-name secret-name another-secret-name ...
Options:
--allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
the template. Only applies to golang and jsonpath output formats.
-o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
--template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The
template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
Use "oc options" for a list of global command-line options (applies to all commands).
Based on the above moving bug to verified state.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |
Description of problem: The examples in "oc secrets link/unlink" help doc is incorrect. The usage is oc secrets link serviceaccounts-name secret-name [another-secret-name]... [flags] But the example is oc link serviceaccount-name pull-secret --for=pull Version-Release number of selected component (if applicable): Client Version: 4.6.0-202009181332.p0-a9f435f openshift-clients-4.6.0-202009181332.p0.git.3767.a46fcd4.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. oc secrets link --help 2. oc secrets unlink --help 3. Actual results: $ oc secrets link --help Link secrets to a service account Linking a secret enables a service account to automatically use that secret for some forms of authentication. Usage: oc secrets link serviceaccounts-name secret-name [another-secret-name]... [flags] Examples: # Add an image pull secret to a service account to automatically use it for pulling pod images: oc link serviceaccount-name pull-secret --for=pull # Add an image pull secret to a service account to automatically use it for both pulling and pushing build images: oc link builder builder-image-secret --for=pull,mount # If the cluster's serviceAccountConfig is operating with limitSecretReferences: True, secrets must be added to the pod's service account whitelist in order to be available to the pod: oc link pod-sa pod-secret Options: --for=[mount]: type of secret to link: mount or pull Use "oc options" for a list of global command-line options (applies to all commands). $ oc secrets unlink --help Unlink (detach) secrets from a service account If a secret is no longer valid for a pod, build or image pull, you may unlink it from a service account. Usage: oc secrets unlink serviceaccount-name secret-name [another-secret-name] ... [flags] Examples: # Unlink a secret currently associated with a service account: oc unlink serviceaccount-name secret-name another-secret-name ... Options: --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. -o, --output='': Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file. --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview]. Use "oc options" for a list of global command-line options (applies to all commands). Expected results: The commands should be "oc secrets link", "oc secrets unlink", rather than "oc link", "oc unlink".