[BUG] index out of range on listing of containers comand

[EnricoOr]

Describe the bug
We had some use case of multi-container pod (mainly php api services with nginx container+php one) was failing to inject the secrets.
During the oauth token serving the request failed because of an index out of bound error, this error was caused by one of the container (the nginx one) having empty commands in the pod spec. This is probably because the image Dockerfile used CMD instead of ENTRYPOINT and kubernetes, when no command is specified in the container spec yaml, it use (correctly) the ENTRYPOINT command when creating the container Spec. So in the end if there is no entrypoint the container commads is left empty.

To solve this issue for the multicontainer pod case, where only one of them needs secret injection and its image has a "correct" Dockerfile, it should be enough to check for the Commands array length>0 in AND with the current condition (@line 39 of azure-keyvault-secrets-webhook/authorization.go). In general this case should be managed throwing a correct error message stating the issue.

Expected behavior
Webook succesfully serve the token

Logs
time="2020-04-15T09:27:24Z" level=info msg="using '/usr/sbin/php-fpm7.3 --nodaemonize' as arguments for env-injector" time="2020-04-15T09:27:24Z" level=info msg="containers mutated and pod updated with init-container and volumes" 2020/04/15 09:27:50 http: panic serving 10.80.1.188:55488: runtime error: index out of range [0] with length 0 goroutine 45033 [running]: net/http.(*conn).serve.func1(0xc0004500a0) /usr/local/go/src/net/http/server.go:1767 +0x139 panic(0x15ddb60, 0xc000509600) /usr/local/go/src/runtime/panic.go:679 +0x1b2 main.authorize(0xc00013f320, 0xc00072e3c0, 0x11, 0xc000540d15, 0x18, 0xc000540d0a, 0xa, 0x203000, 0x203000) /go/src/github.com/SparebankenVest/azure-key-vault-to-kubernetes/cmd/azure-keyvault-secrets-webhook/authorization.go:39 +0xabb main.authHandler(0x18ff400, 0xc0005ba460, 0xc00085a800) /go/src/github.com/SparebankenVest/azure-key-vault-to-kubernetes/cmd/azure-keyvault-secrets-webhook/main.go:178 +0x34a net/http.HandlerFunc.ServeHTTP(0x17614e8, 0x18ff400, 0xc0005ba460, 0xc00085a800) /usr/local/go/src/net/http/server.go:2007 +0x44 github.com/gorilla/mux.(*Router).ServeHTTP(0xc0001bbe00, 0x18ff400, 0xc0005ba460, 0xc00085a600) /go/pkg/mod/github.com/gorilla/[email protected]/mux.go:210 +0xe2 net/http.serverHandler.ServeHTTP(0xc0001ae2a0, 0x18ff400, 0xc0005ba460, 0xc00085a600) /usr/local/go/src/net/http/server.go:2802 +0xa4 net/http.(*conn).serve(0xc0004500a0, 0x1905500, 0xc0005e6480) /usr/local/go/src/net/http/server.go:1890 +0x875 created by net/http.(*Server).Serve /usr/local/go/src/net/http/server.go:2927 +0x38e

[torresdal]

Solved in env-injector v 1.1.7. Thanks @EnricoOr - the error and solution was just as you described. Added unit test to prevent this in the future.