package webhooks
import (
"context"
"net/http"
_ "github.com/aar10n/replacer/internal/pkg/providers/gcp"
"github.com/aar10n/replacer/internal/pkg/replacer"
"gomodules.xyz/jsonpatch/v2"
corev1 "k8s.io/api/core/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)
// ReplacerWebhook is an admission handler that rewrites the data of Secrets
// and ConfigMaps by returning JSON Patch operations (see Handle).
type ReplacerWebhook struct {
	// Client is a controller-runtime client. It is not referenced by any of
	// the methods visible in this file.
	Client client.Client
	// decoder turns the raw admission request into a typed object. It is set
	// by InjectDecoder and dereferenced by Handle without a nil check.
	decoder *admission.Decoder
}
// Handle processes one admission request.
//
// Secrets and ConfigMaps are decoded and passed to replaceInSecret or
// replaceInConfigMap; every other kind is allowed unchanged. An object with
// no data is allowed without further work. Decode failures and replacement
// failures are both reported to the API server as HTTP 400. When at least one
// patch operation was produced the response is a patch response, otherwise
// the request is allowed as-is.
//
// Only the object's name and namespace are logged, never its data.
//
// NOTE(review): the error handed to admission.Errored comes straight from the
// replacer and is returned to the API client; confirm it can never contain
// resolved secret material.
func (w *ReplacerWebhook) Handle(ctx context.Context, req admission.Request) admission.Response {
	logger := logf.FromContext(ctx)

	var (
		ops        []jsonpatch.Operation
		replaceErr error
	)

	switch req.RequestKind.Kind {
	case "Secret":
		var sec corev1.Secret
		if decodeErr := w.decoder.Decode(req, &sec); decodeErr != nil {
			return admission.Errored(http.StatusBadRequest, decodeErr)
		}
		if len(sec.Data) == 0 {
			return admission.Allowed("no data to replace")
		}

		logger.Info("Handle.Secret", "name", sec.Name, "namespace", sec.Namespace)
		ops, replaceErr = w.replaceInSecret(ctx, &sec)

	case "ConfigMap":
		var configMap corev1.ConfigMap
		if decodeErr := w.decoder.Decode(req, &configMap); decodeErr != nil {
			return admission.Errored(http.StatusBadRequest, decodeErr)
		}
		if len(configMap.Data) == 0 {
			return admission.Allowed("no data to replace")
		}

		logger.Info("Handle.ConfigMap", "name", configMap.Name, "namespace", configMap.Namespace)
		ops, replaceErr = w.replaceInConfigMap(ctx, &configMap)

	default:
		return admission.Allowed("not a secret or configmap")
	}

	if replaceErr != nil {
		return admission.Errored(http.StatusBadRequest, replaceErr)
	}
	// len of a nil slice is 0, so this single test covers both nil and empty.
	if len(ops) == 0 {
		return admission.Allowed("no changes")
	}
	return admission.Patched("replacer changes", ops...)
}
// InjectDecoder stores d as the decoder that Handle uses to decode admission
// requests. It always returns nil.
//
// Handle dereferences the decoder unconditionally, so this must have been
// called with a non-nil decoder before the first request is served.
func (w *ReplacerWebhook) InjectDecoder(d *admission.Decoder) error {
	w.decoder = d
	return nil
}
//
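// replaceInSecret runs the replacer over every value in secret.Data and
// returns one JSON Patch "replace" operation for each value that changed.
// It returns a nil slice when nothing changed, and the first error from
// replacer.New or ReplaceAll otherwise. ctx is currently unused.
//
// The replacer is configured from the Secret's own annotations.
// NOTE(review): annotations are supplied by whoever submits the object, so
// whatever replacer.New / ReplaceAll resolve is presumably fetched with the
// webhook's own credentials; confirm that the provider side limits what a
// submitter may reference.
func (w *ReplacerWebhook) replaceInSecret(ctx context.Context, secret *corev1.Secret) ([]jsonpatch.Operation, error) {
	r, err := replacer.New(secret.Annotations)
	if err != nil {
		return nil, err
	}

	var patches []jsonpatch.Operation
	for k, oldValueB := range secret.Data {
		oldValue := string(oldValueB)
		newValue, err := r.ReplaceAll(oldValue)
		if err != nil {
			return nil, err
		}
		if newValue == oldValue {
			continue
		}
		patches = append(patches, jsonpatch.Operation{
			Operation: "replace",
			// NOTE(review): k is not JSON-Pointer escaped ("~" -> "~0",
			// "/" -> "~1"). Kubernetes key validation rejects both characters,
			// but mutating admission runs before that validation; confirm.
			Path: "/data/" + k,
			// The patch is applied to the JSON form of the Secret, where every
			// "data" value is a base64 string. secret.Data was already decoded,
			// so the replacement has to be re-encoded: encoding/json renders a
			// []byte as base64, whereas a plain Go string would be stored
			// verbatim and then misread as base64 by the API server.
			Value: []byte(newValue),
		})
	}
	return patches, nil
}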
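// replaceInConfigMap runs the replacer over every value in cm.Data and
// returns one JSON Patch "replace" operation for each value that changed.
// It returns a nil slice when nothing changed, and the first error from
// replacer.New or ReplaceAll otherwise. cm.BinaryData is not processed and
// ctx is currently unused.
//
// The replacer is configured from the ConfigMap's own annotations.
// NOTE(review): annotations are supplied by whoever submits the object, and
// ConfigMap data is readable by a wider audience than Secret data; confirm
// that resolved values are meant to be allowed to land in a ConfigMap.
func (w *ReplacerWebhook) replaceInConfigMap(ctx context.Context, cm *corev1.ConfigMap) ([]jsonpatch.Operation, error) {
	r, err := replacer.New(cm.Annotations)
	if err != nil {
		return nil, err
	}

	var patches []jsonpatch.Operation
	for k, v := range cm.Data {
		newV, err := r.ReplaceAll(v)
		if err != nil {
			return nil, err
		}
		if newV == v {
			continue
		}
		patches = append(patches, jsonpatch.Operation{
			Operation: "replace",
			// ConfigMap "data" values are plain strings in the JSON form, so
			// no re-encoding is needed here.
			Path:  "/data/" + k,
			Value: newV,
		})
	}
	// Return the collected operations. The previous code returned an empty
	// literal here, which dropped every replacement and made Handle answer
	// "no changes" for all ConfigMaps.
	return patches, nil
}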