From d36a30b5cc1a60bd40aa809cb368394f2208c132 Mon Sep 17 00:00:00 2001
From: Geert Pingen
Date: Sat, 8 Jul 2023 12:12:16 +0200
Subject: [PATCH] Updates k8s_secrets

Signed-off-by: Geert Pingen
---
 flytepropeller/pkg/webhook/global_secrets.go | 84 +++++++++++++-------
 flytepropeller/pkg/webhook/k8s_secrets.go | 12 +--
 2 files changed, 61 insertions(+), 35 deletions(-)

diff --git a/flytepropeller/pkg/webhook/global_secrets.go b/flytepropeller/pkg/webhook/global_secrets.go
index e883ae3d7d..a796f3122b 100644
--- a/flytepropeller/pkg/webhook/global_secrets.go
+++ b/flytepropeller/pkg/webhook/global_secrets.go
@@ -36,37 +36,40 @@ func (g GlobalSecrets) Inject(ctx context.Context, secret *coreIdl.Secret, p *co
 return p, false, err
 }
 
- switch secret.MountRequirement {
- case coreIdl.Secret_FILE:
- return nil, false, fmt.Errorf("global secrets can only be injected as environment "+
- "variables [%v/%v]", secret.Group, secret.Key)
- case coreIdl.Secret_ANY:
- fallthrough
- case coreIdl.Secret_ENV_VAR:
- if len(secret.Group) == 0 {
- return nil, false, fmt.Errorf("mounting a secret to env var requires selecting the "+
- "secret and a single key within. Key [%v]", secret.Key)
+ if secret.MountTarget != nil {
+ switch secret.MountTarget.(type) {
+ case *coreIdl.Secret_EnvVar:
+ target, ok := secret.GetMountTarget().(*coreIdl.Secret_EnvVar)
+ if ok {
+ InjectEnvVar(p, secret, &target.EnvVar.Name, v)
+ }
+ case *coreIdl.Secret_File:
+ return nil, false, fmt.Errorf("global secrets can only be injected as environment "+
+ "variables [%v/%v]", secret.Group, secret.Key)
+ default:
+ err := fmt.Errorf("unrecognized mount target [%v] for secret [%v]", secret.GetMountTarget(), secret.Key)
+ logger.Error(ctx, err)
+ return p, false, err
 }
-
- envVar := corev1.EnvVar{
- Name: strings.ToUpper(K8sDefaultEnvVarPrefix + secret.Group + EnvVarGroupKeySeparator + secret.Key),
- Value: v,
- }
-
- prefixEnvVar := corev1.EnvVar{
- Name: SecretEnvVarPrefix,
- Value: K8sDefaultEnvVarPrefix,
+ } else {
+ switch secret.MountRequirement {
+ case coreIdl.Secret_FILE:
+ return nil, false, fmt.Errorf("global secrets can only be injected as environment "+
+ "variables [%v/%v]", secret.Group, secret.Key)
+ case coreIdl.Secret_ANY:
+ fallthrough
+ case coreIdl.Secret_ENV_VAR:
+ if len(secret.Group) == 0 {
+ return nil, false, fmt.Errorf("mounting a secret to env var requires selecting the "+
+ "secret and a single key within. Key [%v]", secret.Key)
+ }
+
+ InjectEnvVar(p, secret, nil, v)
+ default:
+ err := fmt.Errorf("unrecognized mount requirement [%v] for secret [%v]", secret.MountRequirement.String(), secret.Key)
+ logger.Error(ctx, err)
+ return p, false, err
 }
-
- p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, prefixEnvVar)
- p.Spec.Containers = AppendEnvVars(p.Spec.Containers, prefixEnvVar)
-
- p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, envVar)
- p.Spec.Containers = AppendEnvVars(p.Spec.Containers, envVar)
- default:
- err := fmt.Errorf("unrecognized mount requirement [%v] for secret [%v]", secret.MountRequirement.String(), secret.Key)
- logger.Error(ctx, err)
- return p, false, err
 }
 
 return p, true, nil
@@ -77,3 +80,26 @@ func NewGlobalSecrets(provider GlobalSecretProvider) GlobalSecrets {
 envSecretManager: provider,
 }
 }
+
+func InjectEnvVar(p *corev1.Pod, secret *coreIdl.Secret, envVarName *string, value string) {
+ _envVarName := strings.ToUpper(K8sDefaultEnvVarPrefix + secret.Group + EnvVarGroupKeySeparator + secret.Key)
+ if envVarName != nil {
+ _envVarName = *envVarName
+ }
+
+ envVar := corev1.EnvVar{
+ Name: _envVarName,
+ Value: value,
+ }
+
+ prefixEnvVar := corev1.EnvVar{
+ Name: SecretEnvVarPrefix,
+ Value: K8sDefaultEnvVarPrefix,
+ }
+
+ p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, prefixEnvVar)
+ p.Spec.Containers = AppendEnvVars(p.Spec.Containers, prefixEnvVar)
+
+ p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, envVar)
+ p.Spec.Containers = AppendEnvVars(p.Spec.Containers, envVar)
+}
diff --git a/flytepropeller/pkg/webhook/k8s_secrets.go b/flytepropeller/pkg/webhook/k8s_secrets.go
index 3207dffb24..a9d8f341cf 100644
--- a/flytepropeller/pkg/webhook/k8s_secrets.go
+++ b/flytepropeller/pkg/webhook/k8s_secrets.go
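Review bot: In the new `case *coreIdl.Secret_EnvVar:` branch of Inject, `&target.EnvVar.Name` is used with no check that the wrapped `EnvVar` message is set or that its name is non-empty, so a request-supplied mount target can presumably panic the webhook or put an empty-named variable on every container. A guard before the call would cover both: `if target.EnvVar == nil || target.EnvVar.Name == "" { return p, false, fmt.Errorf("env var mount target for secret [%v] has no name", secret.Key) }`. Because the name is chosen by the requester, it is also worth rejecting names that collide with variables the webhook itself sets, such as `SecretEnvVarPrefix`. The second type assertion is redundant inside a type switch; `switch target := secret.MountTarget.(type)` binds the typed value and removes the `if ok` path that would otherwise reach `return p, true, nil` without injecting anything. Inject starts before this hunk, so how `v` is obtained is not visible here.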
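Review bot: InjectEnvVar is exported without a doc comment, and the contract a caller most needs is not written down: the secret is stored literally in `corev1.EnvVar.Value`, so it becomes part of the pod spec for every container and init container. I would add `// InjectEnvVar appends value as a plain-text env var to all containers and init containers of p; a non-nil envVarName replaces the default upper-cased prefix+group+key name and is used verbatim.` above the function. The local `_envVarName` has a leading underscore, which Go style avoids; `name` reads better and cannot be confused with the `envVarName` parameter.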
@@ -50,12 +50,12 @@ func (i K8sSecretInjector) Inject(ctx context.Context, secret *core.Secret, p *c
 case *core.Secret_EnvVar:
 target, ok := secret.GetMountTarget().(*core.Secret_EnvVar)
 if ok {
- injectSecretAsEnvVar(p, secret, &target.EnvVar.Name)
+ InjectSecretAsEnvVar(p, secret, &target.EnvVar.Name)
 }
 case *core.Secret_File:
 target, ok := secret.GetMountTarget().(*core.Secret_File)
 if ok {
- injectSecretAsFile(p, secret, &target.File.Path)
+ InjectSecretAsFile(p, secret, &target.File.Path)
 }
 default:
 err := fmt.Errorf("unrecognized mount target [%v] for secret [%v]", secret.GetMountTarget(), secret.Key)
@@ -67,9 +67,9 @@ func (i K8sSecretInjector) Inject(ctx context.Context, secret *core.Secret, p *c
 case core.Secret_ANY:
 fallthrough
 case core.Secret_FILE:
- injectSecretAsFile(p, secret, nil)
+ InjectSecretAsFile(p, secret, nil)
 case core.Secret_ENV_VAR:
- injectSecretAsEnvVar(p, secret, nil)
+ InjectSecretAsEnvVar(p, secret, nil)
 default:
 err := fmt.Errorf("unrecognized mount requirement [%v] for secret [%v]", secret.MountRequirement.String(), secret.Key)
 logger.Error(ctx, err)
@@ -84,7 +84,7 @@ func NewK8sSecretsInjector() K8sSecretInjector {
 return K8sSecretInjector{}
 }
 
-func injectSecretAsFile(p *corev1.Pod, secret *core.Secret, mountPath *string) {
+func InjectSecretAsFile(p *corev1.Pod, secret *core.Secret, mountPath *string) {
 // Inject a Volume that to the pod and all of its containers and init containers that mounts the secret into a
 // file.
 volume := CreateVolumeForSecret(secret)
@@ -117,7 +117,7 @@ func injectSecretAsFile(p *corev1.Pod, secret *core.Secret, mountPath *string) {
 p.Spec.Containers = AppendEnvVars(p.Spec.Containers, prefixEnvVar)
 }
 
-func injectSecretAsEnvVar(p *corev1.Pod, secret *core.Secret, envVarName *string) {
+func InjectSecretAsEnvVar(p *corev1.Pod, secret *core.Secret, envVarName *string) {
 envVar := CreateEnvVarForSecret(secret)
 if envVarName != nil {
 envVar = CreateNamedEnvVarForSecret(secret, *envVarName)