From 66eaf12e0bcdea5720b34bf259b4ce999ac0edf0 Mon Sep 17 00:00:00 2001
From: Dan Rammer <daniel@union.ai>
Date: Wed, 5 Oct 2022 11:22:03 -0500
Subject: [PATCH] Make k8s secrets optional (#482)

* make secrets optional - to skip mounting missing values

Signed-off-by: Daniel Rammer <daniel@union.ai>

* add env var secrets to optional values

Signed-off-by: Daniel Rammer <daniel@union.ai>

* fixed lint issue

Signed-off-by: Daniel Rammer <daniel@union.ai>

* fixed unit tests

Signed-off-by: Daniel Rammer <daniel@union.ai>

* fixed lint issue

Signed-off-by: Daniel Rammer <daniel@union.ai>

Signed-off-by: Daniel Rammer <daniel@union.ai>
---
 pkg/webhook/k8s_secrets_test.go | 6 ++++++
 pkg/webhook/utils.go            | 6 +++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/pkg/webhook/k8s_secrets_test.go b/pkg/webhook/k8s_secrets_test.go
index 6846a9e7e..500da6f44 100644
--- a/pkg/webhook/k8s_secrets_test.go
+++ b/pkg/webhook/k8s_secrets_test.go
@@ -11,6 +11,8 @@ import (
 )
 
 func TestK8sSecretInjector_Inject(t *testing.T) {
+	optional := true
+
 	inputPod := corev1.Pod{
 		Spec: corev1.PodSpec{
 			Containers: []corev1.Container{
@@ -36,6 +38,7 @@ func TestK8sSecretInjector_Inject(t *testing.T) {
 									LocalObjectReference: corev1.LocalObjectReference{
 										Name: "grOUP",
 									},
+									Optional: &optional,
 								},
 							},
 						},
@@ -63,6 +66,7 @@ func TestK8sSecretInjector_Inject(t *testing.T) {
 									Path: "hello",
 								},
 							},
+							Optional: &optional,
 						},
 					},
 				},
@@ -110,6 +114,7 @@ func TestK8sSecretInjector_Inject(t *testing.T) {
 									Path: "world",
 								},
 							},
+							Optional: &optional,
 						},
 					},
 				},
@@ -147,6 +152,7 @@ func TestK8sSecretInjector_Inject(t *testing.T) {
 					VolumeSource: corev1.VolumeSource{
 						Secret: &corev1.SecretVolumeSource{
 							SecretName: "hello",
+							Optional:   &optional,
 						},
 					},
 				},
diff --git a/pkg/webhook/utils.go b/pkg/webhook/utils.go
index e063053f5..9f07ac417 100644
--- a/pkg/webhook/utils.go
+++ b/pkg/webhook/utils.go
@@ -25,6 +25,7 @@ func hasEnvVar(envVars []corev1.EnvVar, envVarKey string) bool {
 }
 
 func CreateEnvVarForSecret(secret *core.Secret) corev1.EnvVar {
+	optional := true
 	return corev1.EnvVar{
 		Name: strings.ToUpper(K8sDefaultEnvVarPrefix + secret.Group + EnvVarGroupKeySeparator + secret.Key),
 		ValueFrom: &corev1.EnvVarSource{
@@ -32,13 +33,15 @@ func CreateEnvVarForSecret(secret *core.Secret) corev1.EnvVar {
 				LocalObjectReference: corev1.LocalObjectReference{
 					Name: secret.Group,
 				},
-				Key: secret.Key,
+				Key:      secret.Key,
+				Optional: &optional,
 			},
 		},
 	}
 }
 
 func CreateVolumeForSecret(secret *core.Secret) corev1.Volume {
+	optional := true
 	return corev1.Volume{
 		// we don't want to create different volume for the same secret group
 		Name: encoding.Base32Encoder.EncodeToString([]byte(secret.Group + EnvVarGroupKeySeparator + secret.GroupVersion)),
@@ -51,6 +54,7 @@ func CreateVolumeForSecret(secret *core.Secret) corev1.Volume {
 						Path: strings.ToLower(secret.Key),
 					},
 				},
+				Optional: &optional,
 			},
 		},
 	}