From 24b639afcccdf06bd7fb71a1144981304839fac5 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Wed, 22 Aug 2018 10:35:07 -0400
Subject: [PATCH] Make kubectl create secret tls work with process substitution

---
 pkg/kubectl/secret_for_tls.go | 14 ++++++++------
 test/cmd/core.sh | 7 +++++++
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/pkg/kubectl/secret_for_tls.go b/pkg/kubectl/secret_for_tls.go
index 1c3fffd045..862b822209 100644
--- a/pkg/kubectl/secret_for_tls.go
+++ b/pkg/kubectl/secret_for_tls.go
@@ -87,6 +87,14 @@ func (s SecretForTLSGeneratorV1) StructuredGenerate() (runtime.Object, error) {
 if err != nil {
 return nil, err
 }
+
+ if _, err := tls.X509KeyPair(tlsCrt, tlsKey); err != nil {
+ return nil, fmt.Errorf("failed to load key pair %v", err)
+ }
+ // TODO: Add more validation.
+ // 1. If the certificate contains intermediates, it is a valid chain.
+ // 2. Format etc.
+
 secret := &v1.Secret{}
 secret.Name = s.Name
 secret.Type = v1.SecretTypeTLS
@@ -133,11 +141,5 @@ func (s SecretForTLSGeneratorV1) validate() error {
 if len(s.Cert) == 0 {
 return fmt.Errorf("certificate must be specified")
 }
- if _, err := tls.LoadX509KeyPair(s.Cert, s.Key); err != nil {
- return fmt.Errorf("failed to load key pair %v", err)
- }
- // TODO: Add more validation.
- // 1. If the certificate contains intermediates, it is a valid chain.
- // 2. Format etc.
 return nil
 }
diff --git a/test/cmd/core.sh b/test/cmd/core.sh
index 0973022b2f..549703fa0e 100755
--- a/test/cmd/core.sh
+++ b/test/cmd/core.sh
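Review bot: In `StructuredGenerate` (pkg/kubectl/secret_for_tls.go, first hunk) the relocated `tls.X509KeyPair(tlsCrt, tlsKey)` call is now the only key-pair check, and it confirms only that the PEM parses and that the private key matches the leaf certificate; expiry and the chain validity the TODO lists are not checked. Because the check left `validate()` (second hunk), any caller that relies on `validate()` alone no longer gets it; callers are not visible here, so this is worth confirming. I would make the carried-over comment say what is covered, e.g. `// X509KeyPair only checks that the key matches the leaf certificate; chain and expiry are not validated.`, and add a separator to the message: `fmt.Errorf("failed to load key pair: %v", err)`. The function body starts and ends outside the hunk.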
@@ -751,6 +751,13 @@ run_secrets_test() {
 # Clean-up
 kubectl delete secret test-secret --namespace=test-secrets
+ # Command with process substitution
+ kubectl create secret tls test-secret --namespace=test-secrets --key <(cat hack/testdata/tls.key) --cert <(cat hack/testdata/tls.crt)
+ kube::test::get_object_assert 'secret/test-secret --namespace=test-secrets' "{{$id_field}}" 'test-secret'
+ kube::test::get_object_assert 'secret/test-secret --namespace=test-secrets' "{{$secret_type}}" 'kubernetes.io/tls'
+ # Clean-up
+ kubectl delete secret test-secret --namespace=test-secrets
+
 # Create a secret using stringData
 kubectl create --namespace=test-secrets -f - "${kube_flags[@]}" << __EOF__
 {
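Review bot: The added case in `run_secrets_test` exercises only the success path, so nothing pins that the key-pair check, which this commit appears to move to after the files are read, still rejects bad input arriving through `<(...)`. A companion case that passes a key and a certificate that do not belong together and expects the create to fail would cover that; it could be introduced with `# Mismatched key/cert via process substitution must be rejected`. The function starts and ends outside the hunk.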