Skip to content

Commit

Permalink
Lower-case mount path for file secrets (flyteorg#472)
Browse files Browse the repository at this point in the history
* lower mount path

Signed-off-by: Yee Hing Tong <[email protected]>

* test

Signed-off-by: Yee Hing Tong <[email protected]>

* lower case the group also

Signed-off-by: Yee Hing Tong <[email protected]>

Signed-off-by: Yee Hing Tong <[email protected]>
  • Loading branch information
wild-endeavor authored Aug 17, 2022
1 parent fd7b180 commit fb78f46
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 16 deletions.
28 changes: 14 additions & 14 deletions pkg/webhook/k8s_secrets_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,9 @@ func TestK8sSecretInjector_Inject(t *testing.T) {
Name: "_FSEC_GROUP_HELLO",
ValueFrom: &corev1.EnvVarSource{
SecretKeyRef: &corev1.SecretKeySelector{
Key: "hello",
Key: "HELLO",
LocalObjectReference: corev1.LocalObjectReference{
Name: "group",
Name: "grOUP",
},
},
},
Expand All @@ -53,13 +53,13 @@ func TestK8sSecretInjector_Inject(t *testing.T) {
Spec: corev1.PodSpec{
Volumes: []corev1.Volume{
{
Name: "m4zg54lql3",
Name: "m4ze5vkql3",
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: "group",
SecretName: "grOUP",
Items: []corev1.KeyToPath{
{
Key: "hello",
Key: "HELLO",
Path: "hello",
},
},
Expand All @@ -73,7 +73,7 @@ func TestK8sSecretInjector_Inject(t *testing.T) {
Name: "container1",
VolumeMounts: []corev1.VolumeMount{
{
Name: "m4zg54lql3",
Name: "m4ze5vkql3",
MountPath: "/etc/flyte/secrets/group",
ReadOnly: true,
},
Expand All @@ -96,13 +96,13 @@ func TestK8sSecretInjector_Inject(t *testing.T) {
Spec: corev1.PodSpec{
Volumes: []corev1.Volume{
{
Name: "m4zg54lql3",
Name: "m4ze5vkql3",
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: "group",
SecretName: "grOUP",
Items: []corev1.KeyToPath{
{
Key: "hello",
Key: "HELLO",
Path: "hello",
},
{
Expand All @@ -120,7 +120,7 @@ func TestK8sSecretInjector_Inject(t *testing.T) {
Name: "container1",
VolumeMounts: []corev1.VolumeMount{
{
Name: "m4zg54lql3",
Name: "m4ze5vkql3",
MountPath: "/etc/flyte/secrets/group",
ReadOnly: true,
},
Expand Down Expand Up @@ -187,14 +187,14 @@ func TestK8sSecretInjector_Inject(t *testing.T) {
want *corev1.Pod
wantErr bool
}{
{name: "require group", args: args{secret: &coreIdl.Secret{Key: "hello", MountRequirement: coreIdl.Secret_ENV_VAR}, p: &corev1.Pod{}},
{name: "require group", args: args{secret: &coreIdl.Secret{Key: "HELLO", MountRequirement: coreIdl.Secret_ENV_VAR}, p: &corev1.Pod{}},
want: &corev1.Pod{}, wantErr: true},
{name: "simple", args: args{secret: &coreIdl.Secret{Group: "group", Key: "hello", MountRequirement: coreIdl.Secret_ENV_VAR}, p: inputPod.DeepCopy()},
{name: "simple", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "HELLO", MountRequirement: coreIdl.Secret_ENV_VAR}, p: inputPod.DeepCopy()},
want: &successPodEnv, wantErr: false},
{name: "require file single", args: args{secret: &coreIdl.Secret{Group: "group", Key: "hello", MountRequirement: coreIdl.Secret_FILE},
{name: "require file single", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "HELLO", MountRequirement: coreIdl.Secret_FILE},
p: inputPod.DeepCopy()},
want: &successPodFile, wantErr: false},
{name: "require file multiple from same secret group", args: args{secret: &coreIdl.Secret{Group: "group", Key: "world", MountRequirement: coreIdl.Secret_FILE},
{name: "require file multiple from same secret group", args: args{secret: &coreIdl.Secret{Group: "grOUP", Key: "world", MountRequirement: coreIdl.Secret_FILE},
p: successPodFile.DeepCopy()},
want: &successPodMultiFiles, wantErr: false},
{name: "require file all keys", args: args{secret: &coreIdl.Secret{Key: "hello", MountRequirement: coreIdl.Secret_FILE},
Expand Down
4 changes: 2 additions & 2 deletions pkg/webhook/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ func CreateVolumeForSecret(secret *core.Secret) corev1.Volume {
Items: []corev1.KeyToPath{
{
Key: secret.Key,
Path: secret.Key,
Path: strings.ToLower(secret.Key),
},
},
},
Expand All @@ -60,7 +60,7 @@ func CreateVolumeMountForSecret(volumeName string, secret *core.Secret) corev1.V
return corev1.VolumeMount{
Name: volumeName,
ReadOnly: true,
MountPath: filepath.Join(filepath.Join(K8sSecretPathPrefix...), secret.Group),
MountPath: filepath.Join(filepath.Join(K8sSecretPathPrefix...), strings.ToLower(secret.Group)),
}
}

Expand Down

0 comments on commit fb78f46

Please sign in to comment.