Adding supporting injected secrets via webhook

2025-10-22 15:38:06 +00:00 · 2021-09-29 08:46:23 -03:00
parent ee12dd449a
commit f439b04415
11 changed files with 429 additions and 58 deletions
--- a/operator/pkg/onepassword/deployments.go
+++ b/operator/pkg/onepassword/deployments.go
@@ -1,6 +1,9 @@
 package onepassword

 import (
+	"strings"
+
+	onepasswordv1 "github.com/1Password/onepassword-operator/operator/pkg/apis/onepassword/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 )
@@ -24,3 +27,14 @@ func GetUpdatedSecretsForDeployment(deployment *appsv1.Deployment, secrets map[s

 	return updatedSecretsForDeployment
 }
+
+func IsDeploymentUsingInjectedSecrets(deployment *appsv1.Deployment, items map[string]*onepasswordv1.OnePasswordItem) bool {
+	containers := deployment.Spec.Template.Spec.Containers
+	containers = append(containers, deployment.Spec.Template.Spec.InitContainers...)
+	injectedContainers, enabled := deployment.Spec.Template.Annotations[ContainerInjectAnnotation]
+	if !enabled {
+		return false
+	}
+	parsedInjectedContainers := strings.Split(injectedContainers, ",")
+	return AreContainersUsingInjectedSecrets(containers, parsedInjectedContainers, items)
+}