Allow to inject data from externally crafted secrets #1261 (camel-k b…

…its)
apache · Feb 11, 2020 · ddcc1b6 · ddcc1b6
1 parent 0c6d0ab
commit ddcc1b6
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 11 deletions.
diff --git a/pkg/trait/environment.go b/pkg/trait/environment.go
@@ -37,6 +37,15 @@ const (
 	envVarPodName              = "POD_NAME"
 	envVarCamelKVersion        = "CAMEL_K_VERSION"
 	envVarCamelKRuntimeVersion = "CAMEL_K_RUNTIME_VERSION"
+	envVarMountPathConfigMaps  = "CAMEL_K_MOUNT_PATH_CONFIGMAPS"
+
+	// Disabling gosec linter as it may triggers:
+	//
+	//   pkg/trait/environment.go:41: G101: Potential hardcoded credentials (gosec)
+	//	   envVarMountPathSecrets     = "CAMEL_K_MOUNT_PATH_SECRETS"
+	//
+	// nolint: gosec
+	envVarMountPathSecrets = "CAMEL_K_MOUNT_PATH_SECRETS"
 )
 
 func newEnvironmentTrait() *environmentTrait {
@@ -58,6 +67,8 @@ func (t *environmentTrait) Configure(e *Environment) (bool, error) {
 func (t *environmentTrait) Apply(e *Environment) error {
 	envvar.SetVal(&e.EnvVars, envVarCamelKVersion, defaults.Version)
 	envvar.SetVal(&e.EnvVars, envVarCamelKRuntimeVersion, e.RuntimeVersion)
+	envvar.SetVal(&e.EnvVars, envVarMountPathConfigMaps, ConfigMapsMountPath)
+	envvar.SetVal(&e.EnvVars, envVarMountPathSecrets, SecretsMountPath)
 
 	if t.ContainerMeta {
 		envvar.SetValFrom(&e.EnvVars, envVarNamespace, "metadata.namespace")

diff --git a/pkg/trait/environment_test.go b/pkg/trait/environment_test.go
@@ -73,6 +73,8 @@ func TestDefaultEnvironment(t *testing.T) {
 	ns := false
 	name := false
 	ck := false
+	cms := false
+	secrets := false
 
 	env.Resources.VisitDeployment(func(deployment *appsv1.Deployment) {
 		for _, e := range deployment.Spec.Template.Spec.Containers[0].Env {
@@ -85,12 +87,20 @@ func TestDefaultEnvironment(t *testing.T) {
 			if e.Name == envVarCamelKVersion {
 				ck = true
 			}
+			if e.Name == envVarMountPathConfigMaps {
+				cms = true
+			}
+			if e.Name == envVarMountPathSecrets {
+				secrets = true
+			}
 		}
 	})
 
 	assert.True(t, ns)
 	assert.True(t, name)
 	assert.True(t, ck)
+	assert.True(t, cms)
+	assert.True(t, secrets)
 }
 
 func TestEnabledContainerMetaDataEnvVars(t *testing.T) {

diff --git a/pkg/trait/trait_test.go b/pkg/trait/trait_test.go
@@ -19,6 +19,7 @@ package trait
 
 import (
 	"context"
+	"path"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -339,7 +340,7 @@ func TestConfigureVolumesAndMounts(t *testing.T) {
 
 	m = findVVolumeMount(mnts, func(m corev1.VolumeMount) bool { return m.Name == "test-configmap" })
 	assert.NotNil(t, m)
-	assert.Equal(t, "/etc/camel/conf.d/integration-cm-test-configmap", m.MountPath)
+	assert.Equal(t, path.Join(ConfigMapsMountPath, "test-configmap"), m.MountPath)
 
 	v = findVolume(vols, func(v corev1.Volume) bool { return v.Name == "test-secret" })
 	assert.NotNil(t, v)
@@ -348,7 +349,7 @@ func TestConfigureVolumesAndMounts(t *testing.T) {
 
 	m = findVVolumeMount(mnts, func(m corev1.VolumeMount) bool { return m.Name == "test-secret" })
 	assert.NotNil(t, m)
-	assert.Equal(t, "/etc/camel/conf.d/integration-secret-test-secret", m.MountPath)
+	assert.Equal(t, path.Join(SecretsMountPath, "test-secret"), m.MountPath)
 
 	v = findVolume(vols, func(v corev1.Volume) bool { return v.Name == "testvolume-data" })
 	assert.NotNil(t, v)

diff --git a/pkg/trait/trait_types.go b/pkg/trait/trait_types.go
@@ -42,6 +42,29 @@ import (
 // True --
 const True = "true"
 
+var (
+	// BasePath --
+	BasePath = "/etc/camel"
+
+	// ConfPath --
+	ConfPath = path.Join(BasePath, "conf")
+
+	// ConfdPath --
+	ConfdPath = path.Join(BasePath, "conf.d")
+
+	// SourcesMountPath --
+	SourcesMountPath = path.Join(BasePath, "sources")
+
+	// ResourcesMountPath --
+	ResourcesMountPath = path.Join(BasePath, "resources")
+
+	// ConfigMapsMountPath --
+	ConfigMapsMountPath = path.Join(ConfdPath, "_configmaps")
+
+	// SecretsMountPath --
+	SecretsMountPath = path.Join(ConfdPath, "_secrets")
+)
+
 // Identifiable represent an identifiable type
 type Identifiable interface {
 	ID() ID
@@ -389,8 +412,7 @@ func (e *Environment) ComputeSourcesURI() []string {
 	paths := make([]string, 0, len(sources))
 
 	for i, s := range sources {
-		root := "/etc/camel/sources"
-		root = path.Join(root, fmt.Sprintf("i-source-%03d", i))
+		root := path.Join(SourcesMountPath, fmt.Sprintf("i-source-%03d", i))
 
 		srcName := strings.TrimPrefix(s.Name, "/")
 		src := path.Join(root, srcName)
@@ -427,7 +449,7 @@ func (e *Environment) ConfigureVolumesAndMounts(vols *[]corev1.Volume, mnts *[]c
 		cmName := fmt.Sprintf("%s-source-%03d", e.Integration.Name, i)
 		refName := fmt.Sprintf("i-source-%03d", i)
 		resName := strings.TrimPrefix(s.Name, "/")
-		resPath := path.Join("/etc/camel/sources", refName)
+		resPath := path.Join(SourcesMountPath, refName)
 
 		if s.ContentRef != "" {
 			cmName = s.ContentRef
@@ -465,7 +487,7 @@ func (e *Environment) ConfigureVolumesAndMounts(vols *[]corev1.Volume, mnts *[]c
 		refName := fmt.Sprintf("i-resource-%03d", i)
 		resName := strings.TrimPrefix(r.Name, "/")
 		cmKey := "content"
-		resPath := path.Join("/etc/camel/resources", refName)
+		resPath := path.Join(ResourcesMountPath, refName)
 
 		if r.ContentRef != "" {
 			cmName = r.ContentRef
@@ -523,7 +545,7 @@ func (e *Environment) ConfigureVolumesAndMounts(vols *[]corev1.Volume, mnts *[]c
 
 	*mnts = append(*mnts, corev1.VolumeMount{
 		Name:      "integration-properties",
-		MountPath: "/etc/camel/conf",
+		MountPath: ConfPath,
 	})
 
 	//
@@ -532,7 +554,6 @@ func (e *Environment) ConfigureVolumesAndMounts(vols *[]corev1.Volume, mnts *[]c
 
 	for _, cmName := range e.CollectConfigurationValues("configmap") {
 		refName := kubernetes.SanitizeLabel(cmName)
-		fileName := "integration-cm-" + strings.ToLower(cmName)
 
 		*vols = append(*vols, corev1.Volume{
 			Name: refName,
@@ -547,7 +568,7 @@ func (e *Environment) ConfigureVolumesAndMounts(vols *[]corev1.Volume, mnts *[]c
 
 		*mnts = append(*mnts, corev1.VolumeMount{
 			Name:      refName,
-			MountPath: path.Join("/etc/camel/conf.d", fileName),
+			MountPath: path.Join(ConfigMapsMountPath, strings.ToLower(cmName)),
 		})
 	}
 
@@ -557,7 +578,6 @@ func (e *Environment) ConfigureVolumesAndMounts(vols *[]corev1.Volume, mnts *[]c
 
 	for _, secretName := range e.CollectConfigurationValues("secret") {
 		refName := kubernetes.SanitizeLabel(secretName)
-		fileName := "integration-secret-" + strings.ToLower(secretName)
 
 		*vols = append(*vols, corev1.Volume{
 			Name: refName,
@@ -570,7 +590,7 @@ func (e *Environment) ConfigureVolumesAndMounts(vols *[]corev1.Volume, mnts *[]c
 
 		*mnts = append(*mnts, corev1.VolumeMount{
 			Name:      refName,
-			MountPath: path.Join("/etc/camel/conf.d", fileName),
+			MountPath: path.Join(SecretsMountPath, strings.ToLower(secretName)),
 		})
 	}