Create proper secrets before checking whether the SA needs to be patched (in case the secret itself changed)

This commit is contained in:
Martin Šalata
2022-06-13 14:27:12 +02:00
parent 265f6ba0e1
commit 012a498a8b
3 changed files with 18 additions and 18 deletions

View File

@@ -236,11 +236,24 @@ func (whsvr *WebhookServer) mutateServiceAccount(ar *v1beta1.AdmissionReview) *v
}
}
// Check whether we already have the imagePullSecretName present
// Make sure the secrets are present
if err := whsvr.ensureSecrets(ar); err != nil {
whsvr.logger.Errorf("Could not ensure existence of the imagePullSecret")
if !whsvr.config.ignoreSecretCreationError {
whsvr.logger.Errorf("Failing the mutation process")
return &v1beta1.AdmissionResponse{
Result: &metav1.Status{
Message: err.Error(),
},
}
}
whsvr.logger.Infof("ignoreSecretCreationError is true, ignoring")
}
if sa.ImagePullSecrets != nil {
whsvr.logger.Infof("ServiceAccount is already in the correct state, skipping")
for _, lor := range sa.ImagePullSecrets {
if whsvr.config.targetImagePullSecretName == lor.Name {
whsvr.logger.Infof("ServiceAccount is already in the correct state, skipping the patch")
return &v1beta1.AdmissionResponse{
Allowed: true,
}
@@ -262,19 +275,6 @@ func (whsvr *WebhookServer) mutateServiceAccount(ar *v1beta1.AdmissionReview) *v
}
}
if err := whsvr.ensureSecrets(ar); err != nil {
whsvr.logger.Errorf("Could not ensure existence of the imagePullSecret")
if !whsvr.config.ignoreSecretCreationError {
whsvr.logger.Errorf("Failing the mutation process")
return &v1beta1.AdmissionResponse{
Result: &metav1.Status{
Message: err.Error(),
},
}
}
whsvr.logger.Infof("ignoreSecretCreationError is true, ignoring")
}
return &v1beta1.AdmissionResponse{
Allowed: true,
Patch: patchBytes,