From ff31b53fe1fea9ba87ebc8adabe5f1435ff34243 Mon Sep 17 00:00:00 2001
From: Akash Gupta <akash@truefoundry.com>
Date: Tue, 24 Dec 2024 15:49:59 +0530
Subject: [PATCH] [jspolicy config] fix pod volume mounts for configMap (#897)

---
 charts/tfy-jspolicy-configs/Chart.yaml        |  2 +-
 .../templates/pod-volume-mounts.yaml          | 30 +++++++++++--------
 2 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/charts/tfy-jspolicy-configs/Chart.yaml b/charts/tfy-jspolicy-configs/Chart.yaml
index 0ceceadf..19cb3f6e 100644
--- a/charts/tfy-jspolicy-configs/Chart.yaml
+++ b/charts/tfy-jspolicy-configs/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v2
 name: tfy-jspolicy-config
 description: A Helm chart for jspolicy configuration
 type: application
-version: 0.2.0
+version: 0.2.1
diff --git a/charts/tfy-jspolicy-configs/templates/pod-volume-mounts.yaml b/charts/tfy-jspolicy-configs/templates/pod-volume-mounts.yaml
index d6499227..e2028649 100644
--- a/charts/tfy-jspolicy-configs/templates/pod-volume-mounts.yaml
+++ b/charts/tfy-jspolicy-configs/templates/pod-volume-mounts.yaml
@@ -38,13 +38,13 @@ spec:
     // add the volumes to the pod
     const podVolumes = request.object.spec.volumes || [];
     mountDetails.forEach(mountDetails => {
-      // skip if the volume already exists, volume name is same as secret name
-      if (podVolumes.find(volume => volume.name === mountDetails.secretName)) {
-        print("Volume " + mountDetails.secretName + " already exists in the pod " + request.object.metadata.name + " in namespace " + request.namespace + ". Skipping...");
-        return;
-      }
-      print("Adding volume " + mountDetails.secretName + " to the pod " + request.object.metadata.name + " in namespace " + request.namespace);
       if (mountDetails.type === "secret") {
+        // skip if the volume already exists, volume name is same as secret name
+        if (podVolumes.find(volume => volume.name === mountDetails.secretName)) {
+          print("Volume " + mountDetails.secretName + " already exists in the pod " + request.object.metadata.name + " in namespace " + request.namespace + ". Skipping...");
+          return;
+        }
+        print("Adding volume " + mountDetails.secretName + " to the pod " + request.object.metadata.name + " in namespace " + request.namespace);
         request.object.spec.volumes = request.object.spec.volumes.concat({
           name: mountDetails.secretName,
         secret: {
@@ -53,6 +53,12 @@ spec:
         });
       }
       if (mountDetails.type === "configMap") {
+        // skip if the volume already exists, volume name is same as secret name
+        if (podVolumes.find(volume => volume.name === mountDetails.configMapName)) {
+          print("Volume " + mountDetails.configMapName + " already exists in the pod " + request.object.metadata.name + " in namespace " + request.namespace + ". Skipping...");
+          return;
+        }
+        print("Adding volume " + mountDetails.configMapName + " to the pod " + request.object.metadata.name + " in namespace " + request.namespace);
         request.object.spec.volumes = request.object.spec.volumes.concat({
           name: mountDetails.configMapName,
           configMap: {
@@ -61,12 +67,6 @@ spec:
         });
       }
       request.object.spec.containers.forEach(container => {
-        // skip if the volume mount already exists
-        if (container.volumeMounts.find(volumeMount => volumeMount.name === mountDetails.secretName)) {
-          print("Volume mount " + mountDetails.secretName + " already exists in the container " + container.name + " in the pod " + request.object.metadata.name + " in namespace " + request.namespace + ". Skipping...");
-          return;
-        }
-        print("Adding volume mount " + mountDetails.secretName + " to the container " + container.name + " in the pod " + request.object.metadata.name + " in namespace " + request.namespace);
         let volumeName = "";
         if (mountDetails.type === "secret") {
           volumeName = mountDetails.secretName;
@@ -78,6 +78,12 @@ spec:
           print("Invalid volume mount details: " + JSON.stringify(mountDetails));
           exit();
         }
+        // skip if the volume mount already exists
+        if (container.volumeMounts.find(volumeMount => volumeMount.name === volumeName)) {
+          print("Volume mount " + volumeName + " already exists in the container " + container.name + " in the pod " + request.object.metadata.name + " in namespace " + request.namespace + ". Skipping...");
+          return;
+        }
+        print("Adding volume mount " + volumeName + " to the container " + container.name + " in the pod " + request.object.metadata.name + " in namespace " + request.namespace);
         print("Mount details: " + JSON.stringify(mountDetails));
         container.volumeMounts = container.volumeMounts.concat({
           name: volumeName,