From 012a498a8b576d12fb546b7b49f3d60db2c65683 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20=C5=A0alata?= Date: Mon, 13 Jun 2022 14:27:12 +0200 Subject: [PATCH] Create proper secrets before checking whether the SA needs to be patched (in case the secret itself changed) --- VERSION | 2 +- charts/imagepullsecret-injector/Chart.yaml | 4 +-- cmd/webhook.go | 30 +++++++++++----------- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/VERSION b/VERSION index 1111c9c..9beca35 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.0.14 \ No newline at end of file +0.0.15 \ No newline at end of file diff --git a/charts/imagepullsecret-injector/Chart.yaml b/charts/imagepullsecret-injector/Chart.yaml index c0ce68d..55d08e0 100644 --- a/charts/imagepullsecret-injector/Chart.yaml +++ b/charts/imagepullsecret-injector/Chart.yaml @@ -15,9 +15,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.25 +version: 0.0.26 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.0.14 +appVersion: 0.0.25 diff --git a/cmd/webhook.go b/cmd/webhook.go index ad04bc9..5bb555e 100644 --- a/cmd/webhook.go +++ b/cmd/webhook.go @@ -236,11 +236,24 @@ func (whsvr *WebhookServer) mutateServiceAccount(ar *v1beta1.AdmissionReview) *v } } - // Check whether we already have the imagePullSecretName present + // Make sure the secrets are present + if err := whsvr.ensureSecrets(ar); err != nil { + whsvr.logger.Errorf("Could not ensure existence of the imagePullSecret") + if !whsvr.config.ignoreSecretCreationError { + whsvr.logger.Errorf("Failing the mutation process") + return &v1beta1.AdmissionResponse{ + Result: &metav1.Status{ + Message: err.Error(), + }, + } + } + whsvr.logger.Infof("ignoreSecretCreationError is true, ignoring") + } + if sa.ImagePullSecrets != nil { - whsvr.logger.Infof("ServiceAccount is already in the correct state, skipping") for _, lor := range sa.ImagePullSecrets { if whsvr.config.targetImagePullSecretName == lor.Name { + whsvr.logger.Infof("ServiceAccount is already in the correct state, skipping the patch") return &v1beta1.AdmissionResponse{ Allowed: true, } @@ -262,19 +275,6 @@ func (whsvr *WebhookServer) mutateServiceAccount(ar *v1beta1.AdmissionReview) *v } } - if err := whsvr.ensureSecrets(ar); err != nil { - whsvr.logger.Errorf("Could not ensure existence of the imagePullSecret") - if !whsvr.config.ignoreSecretCreationError { - whsvr.logger.Errorf("Failing the mutation process") - return &v1beta1.AdmissionResponse{ - Result: &metav1.Status{ - Message: err.Error(), - }, - } - } - whsvr.logger.Infof("ignoreSecretCreationError is true, ignoring") - } - return &v1beta1.AdmissionResponse{ Allowed: true, Patch: patchBytes,