fix secretRef and handle invalid target config

fjogeleit · fjogeleit · commit 63a89d8885e1 · 2025-03-11T10:41:50.000+01:00
Signed-off-by: Frank Jogeleit &lt;frank.jogeleit@web.de&gt;
diff --git a/cmd/run.go b/cmd/run.go
@@ -178,6 +178,8 @@ func newRunCMD(version string) *cobra.Command {
 
 			if c.CRD.TargetConfig {
 				g.Go(func() error {
+					readinessProbe.Wait()
+
 					stop := make(chan struct{})
 					client, err := resolver.TargetConfigClient()
 					if err != nil {
diff --git a/pkg/helper/first.go b/pkg/helper/first.go
@@ -0,0 +1,9 @@
+package helper
+
+func First[T any](list []*T) *T {
+	if len(list) == 0 {
+		return nil
+	}
+
+	return list[0]
+}
diff --git a/pkg/helper/first_test.go b/pkg/helper/first_test.go
@@ -0,0 +1,24 @@
+package helper_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/kyverno/policy-reporter/pkg/helper"
+)
+
+type item struct {
+	val int
+}
+
+func TestFirst(t *testing.T) {
+	t.Run("return nil for empty list", func(t *testing.T) {
+		assert.Nil(t, helper.First([]*item{}))
+	})
+
+	t.Run("return first item", func(t *testing.T) {
+		assert.Equal(t, 0, helper.First([]*item{{val: 0}, {val: 1}}).val)
+		assert.Equal(t, 3, helper.First([]*item{{val: 3}, {val: 1}, {val: 2}}).val)
+	})
+}
diff --git a/pkg/target/factory/factory.go b/pkg/target/factory/factory.go
@@ -14,6 +14,7 @@ import (
 
 	"github.com/kyverno/policy-reporter/pkg/crd/api/targetconfig/v1alpha1"
 	"github.com/kyverno/policy-reporter/pkg/filters"
+	"github.com/kyverno/policy-reporter/pkg/helper"
 	"github.com/kyverno/policy-reporter/pkg/kubernetes/secrets"
 	"github.com/kyverno/policy-reporter/pkg/report"
 	"github.com/kyverno/policy-reporter/pkg/target"
@@ -99,38 +100,26 @@ func (f *TargetFactory) CreateClients(config *target.Targets) *target.Collection
 }
 
 func (f *TargetFactory) CreateSingleClient(tc *v1alpha1.TargetConfig) (*target.Target, error) {
-	var t *target.Target
-
 	if tc.Spec.S3 != nil {
-		t = createClients(tc.Name, createConfig(tc, tc.Spec.S3), f.CreateS3Target)[0]
-		return t, nil
+		return helper.First(createClients(tc.Name, createConfig(tc, tc.Spec.S3), f.CreateS3Target)), nil
 	} else if tc.Spec.Webhook != nil {
-		t = createClients(tc.Name, createConfig(tc, tc.Spec.Webhook), f.CreateWebhookTarget)[0]
-		return t, nil
+		return helper.First(createClients(tc.Name, createConfig(tc, tc.Spec.Webhook), f.CreateWebhookTarget)), nil
 	} else if tc.Spec.GCS != nil {
-		t = createClients(tc.Name, createConfig(tc, tc.Spec.GCS), f.CreateGCSTarget)[0]
-		return t, nil
+		return helper.First(createClients(tc.Name, createConfig(tc, tc.Spec.GCS), f.CreateGCSTarget)), nil
 	} else if tc.Spec.ElasticSearch != nil {
-		t = createClients(tc.Name, createConfig(tc, tc.Spec.ElasticSearch), f.CreateElasticsearchTarget)[0]
-		return t, nil
+		return helper.First(createClients(tc.Name, createConfig(tc, tc.Spec.ElasticSearch), f.CreateElasticsearchTarget)), nil
 	} else if tc.Spec.Telegram != nil {
-		t = createClients(tc.Name, createConfig(tc, tc.Spec.Telegram), f.CreateTelegramTarget)[0]
-		return t, nil
+		return helper.First(createClients(tc.Name, createConfig(tc, tc.Spec.Telegram), f.CreateTelegramTarget)), nil
 	} else if tc.Spec.Kinesis != nil {
-		t = createClients(tc.Name, createConfig(tc, tc.Spec.Kinesis), f.CreateKinesisTarget)[0]
-		return t, nil
+		return helper.First(createClients(tc.Name, createConfig(tc, tc.Spec.Kinesis), f.CreateKinesisTarget)), nil
 	} else if tc.Spec.SecurityHub != nil {
-		t = createClients(tc.Name, createConfig(tc, tc.Spec.SecurityHub), f.CreateSecurityHubTarget)[0]
-		return t, nil
+		return helper.First(createClients(tc.Name, createConfig(tc, tc.Spec.SecurityHub), f.CreateSecurityHubTarget)), nil
 	} else if tc.Spec.Loki != nil {
-		t = createClients(tc.Name, createConfig(tc, tc.Spec.Loki), f.CreateLokiTarget)[0]
-		return t, nil
+		return helper.First(createClients(tc.Name, createConfig(tc, tc.Spec.Loki), f.CreateLokiTarget)), nil
 	} else if tc.Spec.Slack != nil {
-		t = createClients(tc.Name, createConfig(tc, tc.Spec.Slack), f.CreateSlackTarget)[0]
-		return t, nil
+		return helper.First(createClients(tc.Name, createConfig(tc, tc.Spec.Slack), f.CreateSlackTarget)), nil
 	} else if tc.Spec.Teams != nil {
-		t = createClients(tc.Name, createConfig(tc, tc.Spec.Teams), f.CreateTeamsTarget)[0]
-		return t, nil
+		return helper.First(createClients(tc.Name, createConfig(tc, tc.Spec.Teams), f.CreateTeamsTarget)), nil
 	}
 	return nil, fmt.Errorf("invalid target type passed")
 }
@@ -831,15 +820,15 @@ func (f *TargetFactory) mapSecretValues(config any, ref, mountedSecret string) {
 		}
 
 	case *v1alpha1.Config[v1alpha1.SlackOptions]:
-		if values.Host != "" {
+		if values.Webhook != "" {
 			c.Config.Webhook = values.Webhook
 		}
 		if values.Channel != "" {
 			c.Config.Channel = values.Channel
 		}
 
 	case *v1alpha1.Config[v1alpha1.WebhookOptions]:
-		if values.Host != "" {
+		if values.Webhook != "" {
 			c.Config.Webhook = values.Webhook
 		}
 		if values.Token != "" {
@@ -903,6 +892,9 @@ func (f *TargetFactory) mapSecretValues(config any, ref, mountedSecret string) {
 		if values.Token != "" {
 			c.Config.Token = values.Token
 		}
+		if values.Webhook != "" {
+			c.Config.Webhook = values.Webhook
+		}
 		if values.Host != "" {
 			c.Config.Webhook = values.Host
 		}
diff --git a/pkg/target/telegram/telegram.go b/pkg/target/telegram/telegram.go
@@ -133,7 +133,6 @@ func (e *client) Send(result v1alpha2.PolicyReportResult) {
 	req, err := http.CreateJSONRequest("POST", e.host, payload)
 	if err != nil {
 		zap.L().Error(e.Name()+": PUSH FAILED", zap.Error(err))
-		fmt.Println(err)
 		return
 	}
 
diff --git a/pkg/targetconfig/client.go b/pkg/targetconfig/client.go
@@ -27,19 +27,25 @@ func (c *Client) ConfigureInformer() {
 
 			t, err := c.targetFactory.CreateSingleClient(tc)
 			if err != nil {
-				c.logger.Error("unable to create target from TargetConfig: " + err.Error())
+				c.logger.Error("unable to create target from TargetConfig", zap.String("name", tc.Name), zap.Error(err))
+				return
+			} else if t == nil {
+				c.logger.Error("provided TargetConfig is invalid", zap.String("name", tc.Name))
 				return
 			}
 
 			c.collection.AddTarget(tc.Name, t)
 		},
 		UpdateFunc: func(oldObj, newObj interface{}) {
 			tc := newObj.(*v1alpha1.TargetConfig)
-			c.logger.Info(fmt.Sprintf("update target: %s", tc.Name))
+			c.logger.Info("update target", zap.String("name", tc.Name))
 
 			t, err := c.targetFactory.CreateSingleClient(tc)
 			if err != nil {
-				c.logger.Error("unable to create target from TargetConfig: " + err.Error())
+				c.logger.Error("unable to create target from TargetConfig", zap.String("name", tc.Name), zap.Error(err))
+				return
+			} else if t == nil {
+				c.logger.Error("provided TargetConfig is invalid", zap.String("name", tc.Name))
 				return
 			}
 

Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,6 @@ func (e *client) Send(result v1alpha2.PolicyReportResult) {`
`133`	`133`	`req, err := http.CreateJSONRequest("POST", e.host, payload)`
`134`	`134`	`if err != nil {`
`135`	`135`	`zap.L().Error(e.Name()+": PUSH FAILED", zap.Error(err))`
`136`		`- fmt.Println(err)`
`137`	`136`	`return`
`138`	`137`	`}`
`139`	`138`