fix: secrets should be exposed as ENVS as provided

scc-digitalhub · Oct 24, 2024 · 3faa787 · 3faa787
1 parent a476a6c
commit 3faa787
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 11 deletions.
diff --git a/...main/java/it/smartcommunitylabdhub/framework/k8s/infrastructure/k8s/K8sBaseFramework.java b/...main/java/it/smartcommunitylabdhub/framework/k8s/infrastructure/k8s/K8sBaseFramework.java
@@ -236,6 +236,7 @@ public void setK8sSecretHelper(K8sSecretHelper k8sSecretHelper) {
     @Override
     public void afterPropertiesSet() throws Exception {
         Assert.notNull(k8sBuilderHelper, "k8s helper is required");
+        Assert.notNull(k8sSecretHelper, "k8s secret helper is required");
         Assert.notNull(k8sProperties, "k8s properties required");
         Assert.notNull(namespace, "k8s namespace required");
         Assert.notNull(version, "k8s version required");
@@ -919,20 +920,30 @@ protected List<V1LocalObjectReference> buildImagePullSecrets(T runnable) {
     protected V1Secret buildRunSecret(T runnable) {
         Map<String, String> data = new HashMap<>();
 
-        //add all user-defined secrets
+        //add all user-defined secrets as-is
         if (runnable.getSecrets() != null) {
             runnable.getSecrets().forEach(s -> data.put(s.name(), s.value()));
         }
 
-        //set core credentials
+        //set core credentials as env with prefix (when required)
         if (runnable.getCredentials() != null) {
-            data.putAll(runnable.getCredentials());
+            String envsPrefix = k8sSecretHelper.getEnvsPrefix();
+            runnable
+                .getCredentials()
+                .entrySet()
+                .forEach(e -> {
+                    if (envsPrefix != null) {
+                        data.put(envsPrefix.toUpperCase() + "_" + e.getKey().toUpperCase(), e.getValue());
+                    } else {
+                        data.put(e.getKey().toUpperCase(), e.getValue());
+                    }
+                });
         }
 
         if (!data.isEmpty()) {
             V1Secret secret = k8sSecretHelper.convertSecrets(
                 k8sSecretHelper.getSecretName(runnable.getRuntime(), runnable.getTask(), runnable.getId()),
-                runnable.getCredentials()
+                data
             );
 
             if (secret != null && secret.getMetadata() != null) {

diff --git a/...-k8s/src/main/java/it/smartcommunitylabdhub/framework/k8s/kubernetes/K8sSecretHelper.java b/...-k8s/src/main/java/it/smartcommunitylabdhub/framework/k8s/kubernetes/K8sSecretHelper.java
@@ -49,6 +49,10 @@ public K8sSecretHelper(ApiClient client) {
         api = new CoreV1Api(client);
     }
 
+    public String getEnvsPrefix() {
+        return envsPrefix;
+    }
+
     public Map<String, String> getSecretData(String secretName) throws ApiException {
         V1Secret secret = api.readNamespacedSecret(secretName, namespace, "");
         if (secret != null) {
@@ -203,16 +207,13 @@ public void storeSecretData(@NotNull String secretName, Map<String, String> data
 
     public @Nullable V1Secret convertSecrets(String name, Map<String, String> values) {
         if (values != null) {
-            //map to secret as envs under declared prefix
+            //map to secret as envs
+            //NOTE: keys should be usable, only sanitization is applied
             Map<String, String> data = values
                 .entrySet()
                 .stream()
-                .collect(
-                    Collectors.toMap(
-                        e -> K8sBuilderHelper.sanitizeNames(envsPrefix).toUpperCase() + "_" + e.getKey().toUpperCase(),
-                        Entry::getValue
-                    )
-                );
+                .filter(e -> e.getKey() != null)
+                .collect(Collectors.toMap(e -> e.getKey().replaceAll("[^a-zA-Z0-9._-]+", ""), Entry::getValue));
 
             return new V1Secret()
                 .metadata(new V1ObjectMeta().name(name).namespace(namespace))