mirror of
https://github.com/1Password/onepassword-operator.git
synced 2025-10-22 15:38:06 +00:00
Adding supporting injected secrets via webhook
This commit is contained in:
@@ -1,6 +1,10 @@
|
||||
package onepassword
|
||||
|
||||
import corev1 "k8s.io/api/core/v1"
|
||||
import (
|
||||
onepasswordv1 "github.com/1Password/onepassword-operator/operator/pkg/apis/onepassword/v1"
|
||||
"github.com/1Password/onepassword-operator/operator/pkg/utils"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
)
|
||||
|
||||
func AreContainersUsingSecrets(containers []corev1.Container, secrets map[string]*corev1.Secret) bool {
|
||||
for i := 0; i < len(containers); i++ {
|
||||
@@ -31,3 +35,29 @@ func AppendUpdatedContainerSecrets(containers []corev1.Container, secrets map[st
|
||||
}
|
||||
return updatedDeploymentSecrets
|
||||
}
|
||||
|
||||
func AreContainersUsingInjectedSecrets(containers []corev1.Container, injectedContainers []string, items map[string]*onepasswordv1.OnePasswordItem) bool {
|
||||
for _, container := range containers {
|
||||
envVariables := container.Env
|
||||
|
||||
// check if container was set to be injected with secrets
|
||||
for _, injectedContainer := range injectedContainers {
|
||||
if injectedContainer != container.Name {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
// check if any environment variables are using an updated injected secret
|
||||
for _, envVariable := range envVariables {
|
||||
referenceVault, referenceItem, err := ParseReference(envVariable.Value)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
_, itemFound := items[utils.BuildInjectedOnePasswordItemName(referenceVault, referenceItem)]
|
||||
if itemFound {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
Reference in New Issue
Block a user