Fix namespace validation to prevent mismatch errors#1754
Merged
alvneiayu merged 3 commits intobitnami-labs:mainfrom Jul 18, 2025
Merged
Fix namespace validation to prevent mismatch errors#1754alvneiayu merged 3 commits intobitnami-labs:mainfrom
alvneiayu merged 3 commits intobitnami-labs:mainfrom
Conversation
Fixes namespace validation issue where kubeseal would fail when the input secret has a namespace different from the one specified via -n flag. Changes: - Add validation to detect namespace mismatches between input secret and CLI flag - Only enforce namespace validation when namespace is explicitly set via command line - Preserve existing behavior for secrets without namespaces - Add comprehensive tests for namespace validation scenarios Fixes bitnami-labs#1316 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <[email protected]> Signed-off-by: cyrgim <[email protected]>
The namespace validation changes in the previous commit introduced a regression where tests started requiring actual Kubernetes configuration files (.kube/config). This happened because the new namespace validation logic calls clientConfig.Namespace() during the sealing process, which tries to load real Kubernetes configuration. Changes: - Add mockClientConfig type that implements clientcmd.ClientConfig interface - Replace testClientConfig() calls with mock instances in failing tests - Mock provides controlled namespace behavior without file dependencies - Ensures tests run reliably in environments without .kube/config Fixes the 12 failing tests that were showing "invalid configuration: no configuration has been provided" errors. All 107 tests now pass successfully. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <[email protected]> Signed-off-by: cyrgim <[email protected]>
cyrgim
force-pushed
the
fix-namespace-validation
branch
from
1083ace to
0ded077
Compare
Removed duplicate test configuration helpers that were no longer needed after introducing mock client configs. This simplifies the test codebase and improves maintainability. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <[email protected]> Signed-off-by: cyrgim <[email protected]>
cyrgim
force-pushed
the
fix-namespace-validation
branch
from
2cdf81e to
960b931
Compare
alvneiayu
approved these changes
Jul 18, 2025
Collaborator
alvneiayu
left a comment
alvneiayu
left a comment
There was a problem hiding this comment.
Amazing job. Thanks a lot for your contribution
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Aug 21, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) | minor | `v0.30.0` -> `v0.31.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>bitnami-labs/sealed-secrets (bitnami-labs/sealed-secrets)</summary> ### [`v0.31.0`](https://github.com/bitnami-labs/sealed-secrets/blob/HEAD/RELEASE-NOTES.md#v0310) [Compare Source](bitnami-labs/sealed-secrets@v0.30.0...v0.31.0) - Helm: add watch for secrets ([#​1758](bitnami-labs/sealed-secrets#1758)) - Simplify VIB helm chart validation ([#​1771](bitnami-labs/sealed-secrets#1771)) - Fix: metrics cleanup for deleted SealedSecrets ([#​1764](bitnami-labs/sealed-secrets#1764)) - Fix keyrenewperiod template chart ([#​1756](bitnami-labs/sealed-secrets#1756)) - Fix namespace validation to prevent mismatch errors ([#​1754](bitnami-labs/sealed-secrets#1754)) - Bump VIB action version and updates the service URL ([#​1770](bitnami-labs/sealed-secrets#1770)) - Bump golang version to latest available one for 1.24 ([#​1769](bitnami-labs/sealed-secrets#1769)) - Bump golang.org/x/crypto from 0.40.0 to 0.41.0 ([#​1768](bitnami-labs/sealed-secrets#1768)) - Bump github.com/prometheus/client\_golang from 1.22.0 to 1.23.0 ([#​1767](bitnami-labs/sealed-secrets#1767)) - Bump k8s.io/api from 0.33.2 to 0.33.3 ([#​1766](bitnami-labs/sealed-secrets#1766)) - Bump github.com/spf13/pflag from 1.0.6 to 1.0.7 ([#​1765](bitnami-labs/sealed-secrets#1765)) - Bump k8s.io/client-go from 0.33.2 to 0.33.3 ([#​1761](bitnami-labs/sealed-secrets#1761)) - Bump github.com/onsi/gomega from 1.37.0 to 1.38.0 ([#​1760](bitnami-labs/sealed-secrets#1760)) - Bump k8s.io/code-generator from 0.33.2 to 0.33.3 ([#​1759](bitnami-labs/sealed-secrets#1759)) - Bump golang.org/x/crypto from 0.39.0 to 0.40.0 ([#​1755](bitnami-labs/sealed-secrets#1755)) - Bump k8s.io/code-generator from 0.33.1 to 0.33.2 ([#​1752](bitnami-labs/sealed-secrets#1752)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44MS41IiwidXBkYXRlZEluVmVyIjoiNDEuODEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes namespace validation issue where kubeseal would fail when the input secret has a namespace different from the one specified via -n flag.
Namespace Validation
Test Infrastructure Improvements
Fixes #1316
🤖 Generated with Claude Code