This repository has been archived by the owner on Oct 9, 2023. It is now read-only.
secrets.go
package webhook
import (
"context"
"github.com/flyteorg/flytepropeller/pkg/controller/nodes/task/secretmanager"
"github.com/flyteorg/flytestdlib/logger"
"github.com/flyteorg/flytestdlib/promutils"
"github.com/flyteorg/flyteidl/gen/pb-go/flyteidl/core"
secretUtils "github.com/flyteorg/flytepropeller/pkg/utils/secrets"
corev1 "k8s.io/api/core/v1"
)
// SecretsMutator is the pod mutator identified as "secrets". Its Mutate method
// reads secret requests from a pod's annotations and hands each one to the
// configured injectors.
type SecretsMutator struct {
// injectors are tried in slice order for every requested secret; Mutate stops
// at the first one that reports the secret as injected.
injectors []SecretsInjector
}
// SecretsInjector is one strategy for making a requested secret available to a
// pod. SecretsMutator holds a list of these and calls them in order.
type SecretsInjector interface {
// ID returns the injector's identifier; Mutate includes it in the log line
// written when Inject fails.
ID() string
// Inject is given one requested secret and the pod to mutate. It returns the
// pod to continue with (newP), whether this injector handled the secret
// (injected), and any error.
// NOTE(review): the interface does not say what newP holds when err != nil;
// confirm implementations return a usable pod (not nil) on failure.
Inject(ctx context.Context, secrets *core.Secret, p *corev1.Pod) (newP *corev1.Pod, injected bool, err error)
}
// ID returns the fixed identifier of this mutator, "secrets".
func (SecretsMutator) ID() string {
	const mutatorID = "secrets"
	return mutatorID
}
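// Mutate parses the secret requests encoded in the pod's annotations and, for
// each requested secret, tries the configured injectors in order until one
// reports that it injected the secret.
//
// It returns the pod to continue with, whether at least one secret was
// injected, and an error if the annotations cannot be parsed or if the last
// injector tried for a secret failed.
//
// Changes from the previous version:
//   - injected is now true when any secret was injected. Previously it carried
//     only the result of the final Inject call, so a pod that had been mutated
//     for an earlier secret could be reported as unchanged.
//   - The pod returned by an injector is adopted only when that injector
//     succeeded and returned a non-nil pod, so a failing injector cannot hand a
//     nil or half-mutated pod to the next injector.
//
// NOTE(review): the secret requests come from pod annotations, which are set by
// whoever creates the pod. Nothing in this function restricts which secrets may
// be requested; confirm that the injectors (or an earlier admission step)
// enforce that.
//
// NOTE(review): if an earlier injector fails and a later one returns
// (injected=false, err=nil), the failure is only logged and the secret is
// skipped without an error. That fail-open behaviour is preserved here; confirm
// it is intended.
func (s *SecretsMutator) Mutate(ctx context.Context, p *corev1.Pod) (newP *corev1.Pod, injected bool, err error) {
	secrets, err := secretUtils.UnmarshalStringMapToSecrets(p.GetAnnotations())
	if err != nil {
		return p, false, err
	}

	for _, secret := range secrets {
		// lastErr mirrors the original contract: only the outcome of the last
		// injector tried for this secret decides whether Mutate fails.
		var lastErr error
		for _, injector := range s.injectors {
			mutated, ok, injectErr := injector.Inject(ctx, secret, p)
			lastErr = injectErr
			if injectErr != nil {
				// NOTE(review): the raw error is written to the log at Info
				// level; confirm injector errors never embed secret values.
				logger.Infof(ctx, "Failed to inject a secret using injector [%v]. Error: %v", injector.ID(), injectErr)
				continue
			}

			// Keep the last known-good pod if the injector returned nil.
			if mutated != nil {
				p = mutated
			}
			if ok {
				injected = true
				break
			}
		}

		if lastErr != nil {
			return p, false, lastErr
		}
	}

	return p, injected, nil
}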
// NewSecretsMutator builds a SecretsMutator with two injectors, in this order:
// the global-secrets injector backed by a file/env secret manager created from
// secretmanager.GetConfig(), then the Kubernetes secrets injector. Mutate tries
// injectors in slice order, so the global injector is consulted first.
// The scope argument is accepted but not used.
func NewSecretsMutator(_ promutils.Scope) *SecretsMutator {
	fileEnvManager := secretmanager.NewFileEnvSecretManager(secretmanager.GetConfig())
	globalInjector := NewGlobalSecrets(fileEnvManager)
	k8sInjector := NewK8sSecretsInjector()

	return &SecretsMutator{
		injectors: []SecretsInjector{globalInjector, k8sInjector},
	}
}