Adding supporting injected secrets via webhook

This commit is contained in:
jillianwilson
2021-09-29 08:46:23 -03:00
parent ee12dd449a
commit f439b04415
11 changed files with 429 additions and 58 deletions

View File

@@ -1,6 +1,10 @@
package onepassword
import corev1 "k8s.io/api/core/v1"
import (
onepasswordv1 "github.com/1Password/onepassword-operator/operator/pkg/apis/onepassword/v1"
"github.com/1Password/onepassword-operator/operator/pkg/utils"
corev1 "k8s.io/api/core/v1"
)
func AreContainersUsingSecrets(containers []corev1.Container, secrets map[string]*corev1.Secret) bool {
for i := 0; i < len(containers); i++ {
@@ -31,3 +35,29 @@ func AppendUpdatedContainerSecrets(containers []corev1.Container, secrets map[st
}
return updatedDeploymentSecrets
}
func AreContainersUsingInjectedSecrets(containers []corev1.Container, injectedContainers []string, items map[string]*onepasswordv1.OnePasswordItem) bool {
for _, container := range containers {
envVariables := container.Env
// check if container was set to be injected with secrets
for _, injectedContainer := range injectedContainers {
if injectedContainer != container.Name {
continue
}
}
// check if any environment variables are using an updated injected secret
for _, envVariable := range envVariables {
referenceVault, referenceItem, err := ParseReference(envVariable.Value)
if err != nil {
continue
}
_, itemFound := items[utils.BuildInjectedOnePasswordItemName(referenceVault, referenceItem)]
if itemFound {
return true
}
}
}
return false
}