Description of problem:
The examples in the "oc secrets link/unlink" help doc are incorrect.
The usage is
  oc secrets link serviceaccounts-name secret-name [another-secret-name]... [flags]
But the example is
  oc link serviceaccount-name pull-secret --for=pull

Version-Release number of selected component (if applicable):
Client Version: 4.6.0-202009181332.p0-a9f435f
openshift-clients-4.6.0-202009181332.p0.git.3767.a46fcd4.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. oc secrets link --help
2. oc secrets unlink --help
3.

Actual results:
$ oc secrets link --help
Link secrets to a service account

 Linking a secret enables a service account to automatically use that secret for some forms of authentication.

Usage:
  oc secrets link serviceaccounts-name secret-name [another-secret-name]... [flags]

Examples:
  # Add an image pull secret to a service account to automatically use it for pulling pod images:
  oc link serviceaccount-name pull-secret --for=pull

  # Add an image pull secret to a service account to automatically use it for both pulling and pushing build images:
  oc link builder builder-image-secret --for=pull,mount

  # If the cluster's serviceAccountConfig is operating with limitSecretReferences: True, secrets must be added to the pod's service account whitelist in order to be available to the pod:
  oc link pod-sa pod-secret

Options:
      --for=[mount]: type of secret to link: mount or pull

Use "oc options" for a list of global command-line options (applies to all commands).

$ oc secrets unlink --help
Unlink (detach) secrets from a service account

 If a secret is no longer valid for a pod, build or image pull, you may unlink it from a service account.

Usage:
  oc secrets unlink serviceaccount-name secret-name [another-secret-name] ... [flags]

Examples:
  # Unlink a secret currently associated with a service account:
  oc unlink serviceaccount-name secret-name another-secret-name ...

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
  -o, --output='': Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

Use "oc options" for a list of global command-line options (applies to all commands).

Expected results:
The commands should be "oc secrets link", "oc secrets unlink", rather than "oc link", "oc unlink".

Verified bug with the payload below and I see that the help doc is incorrect.

[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc version
Client Version: 4.6.0-0.nightly-2020-09-24-015627
Server Version: 4.6.0-0.nightly-2020-09-24-015627
Kubernetes Version: v1.19.0+fff8183

[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc secrets link --help
Link secrets to a service account

 Linking a secret enables a service account to automatically use that secret for some forms of authentication.

Usage:
  oc secrets link serviceaccounts-name secret-name [another-secret-name]... [flags]

Examples:
  # Add an image pull secret to a service account to automatically use it for pulling pod images:
  oc secrets link serviceaccount-name pull-secret --for=pull

  # Add an image pull secret to a service account to automatically use it for both pulling and pushing build images:
  oc secrets link builder builder-image-secret --for=pull,mount

  # If the cluster's serviceAccountConfig is operating with limitSecretReferences: True, secrets must be added to the pod's service account whitelist in order to be available to the pod:
  oc secrets link pod-sa pod-secret

Options:
      --for=[mount]: type of secret to link: mount or pull

Use "oc options" for a list of global command-line options (applies to all commands).

[ramakasturinarra@dhcp35-60 openshift-client-linux-4.6.0-0.nightly-2020-09-24-015627]$ ./oc secrets unlink --help
Unlink (detach) secrets from a service account

 If a secret is no longer valid for a pod, build or image pull, you may unlink it from a service account.

Usage:
  oc secrets unlink serviceaccount-name secret-name [another-secret-name] ... [flags]

Examples:
  # Unlink a secret currently associated with a service account:
  oc secrets unlink serviceaccount-name secret-name another-secret-name ...

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
  -o, --output='': Output format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

Use "oc options" for a list of global command-line options (applies to all commands).

Based on the above, moving bug to verified state.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196