mirror of https://github.com/kyverno/policy-reporter.git synced 2024-12-14 11:57:32 +00:00

retry secret fetching and fix config for mountedSecret usage

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
Frank Jogeleit 2023-05-30 20:40:01 +02:00
parent c164cff966
commit 96da05aea0
2 changed files with 39 additions and 1 deletions


@ -4,6 +4,7 @@ loki:
skipTLS: {{ .Values.target.loki.skipTLS }} skipTLS: {{ .Values.target.loki.skipTLS }}
path: {{ .Values.target.loki.path | quote }} path: {{ .Values.target.loki.path | quote }}
secretRef: {{ .Values.target.loki.secretRef | quote }} secretRef: {{ .Values.target.loki.secretRef | quote }}
mountedSecret: {{ .Values.target.loki.mountedSecret | quote }}
minimumPriority: {{ .Values.target.loki.minimumPriority | quote }} minimumPriority: {{ .Values.target.loki.minimumPriority | quote }}
skipExistingOnStartup: {{ .Values.target.loki.skipExistingOnStartup }} skipExistingOnStartup: {{ .Values.target.loki.skipExistingOnStartup }}
{{- with .Values.target.loki.customLabels }} {{- with .Values.target.loki.customLabels }}
@ -30,6 +31,7 @@ elasticsearch:
username: {{ .Values.target.elasticsearch.username | quote }} username: {{ .Values.target.elasticsearch.username | quote }}
password: {{ .Values.target.elasticsearch.password | quote }} password: {{ .Values.target.elasticsearch.password | quote }}
secretRef: {{ .Values.target.elasticsearch.secretRef | quote }} secretRef: {{ .Values.target.elasticsearch.secretRef | quote }}
mountedSecret: {{ .Values.target.elasticsearch.mountedSecret | quote }}
index: {{ .Values.target.elasticsearch.index | default "policy-reporter" | quote }} index: {{ .Values.target.elasticsearch.index | default "policy-reporter" | quote }}
rotation: {{ .Values.target.elasticsearch.rotation | default "daily" | quote }} rotation: {{ .Values.target.elasticsearch.rotation | default "daily" | quote }}
minimumPriority: {{ .Values.target.elasticsearch.minimumPriority | quote }} minimumPriority: {{ .Values.target.elasticsearch.minimumPriority | quote }}
@ -55,6 +57,7 @@ slack:
webhook: {{ .Values.target.slack.webhook | quote }} webhook: {{ .Values.target.slack.webhook | quote }}
channel: {{ .Values.target.slack.channel | quote }} channel: {{ .Values.target.slack.channel | quote }}
secretRef: {{ .Values.target.slack.secretRef | quote }} secretRef: {{ .Values.target.slack.secretRef | quote }}
mountedSecret: {{ .Values.target.slack.mountedSecret | quote }}
minimumPriority: {{ .Values.target.slack.minimumPriority | quote }} minimumPriority: {{ .Values.target.slack.minimumPriority | quote }}
skipExistingOnStartup: {{ .Values.target.slack.skipExistingOnStartup }} skipExistingOnStartup: {{ .Values.target.slack.skipExistingOnStartup }}
{{- with .Values.target.slack.customFields }} {{- with .Values.target.slack.customFields }}
@ -77,6 +80,7 @@ slack:
discord: discord:
webhook: {{ .Values.target.discord.webhook | quote }} webhook: {{ .Values.target.discord.webhook | quote }}
secretRef: {{ .Values.target.discord.secretRef | quote }} secretRef: {{ .Values.target.discord.secretRef | quote }}
mountedSecret: {{ .Values.target.discord.mountedSecret | quote }}
minimumPriority: {{ .Values.target.discord.minimumPriority | quote }} minimumPriority: {{ .Values.target.discord.minimumPriority | quote }}
skipExistingOnStartup: {{ .Values.target.discord.skipExistingOnStartup }} skipExistingOnStartup: {{ .Values.target.discord.skipExistingOnStartup }}
{{- with .Values.target.discord.customFields }} {{- with .Values.target.discord.customFields }}
@ -101,6 +105,7 @@ teams:
certificate: {{ .Values.target.teams.certificate | quote }} certificate: {{ .Values.target.teams.certificate | quote }}
skipTLS: {{ .Values.target.teams.skipTLS }} skipTLS: {{ .Values.target.teams.skipTLS }}
secretRef: {{ .Values.target.teams.secretRef | quote }} secretRef: {{ .Values.target.teams.secretRef | quote }}
mountedSecret: {{ .Values.target.teams.mountedSecret | quote }}
minimumPriority: {{ .Values.target.teams.minimumPriority | quote }} minimumPriority: {{ .Values.target.teams.minimumPriority | quote }}
skipExistingOnStartup: {{ .Values.target.teams.skipExistingOnStartup }} skipExistingOnStartup: {{ .Values.target.teams.skipExistingOnStartup }}
{{- with .Values.target.teams.customFields }} {{- with .Values.target.teams.customFields }}
@ -125,6 +130,7 @@ webhook:
certificate: {{ .Values.target.webhook.certificate | quote }} certificate: {{ .Values.target.webhook.certificate | quote }}
skipTLS: {{ .Values.target.webhook.skipTLS }} skipTLS: {{ .Values.target.webhook.skipTLS }}
secretRef: {{ .Values.target.webhook.secretRef | quote }} secretRef: {{ .Values.target.webhook.secretRef | quote }}
mountedSecret: {{ .Values.target.webhook.mountedSecret | quote }}
minimumPriority: {{ .Values.target.webhook.minimumPriority | quote }} minimumPriority: {{ .Values.target.webhook.minimumPriority | quote }}
skipExistingOnStartup: {{ .Values.target.webhook.skipExistingOnStartup }} skipExistingOnStartup: {{ .Values.target.webhook.skipExistingOnStartup }}
{{- with .Values.target.webhook.sources }} {{- with .Values.target.webhook.sources }}
@ -191,6 +197,7 @@ kinesis:
accessKeyID: {{ .Values.target.kinesis.accessKeyID }} accessKeyID: {{ .Values.target.kinesis.accessKeyID }}
secretAccessKey: {{ .Values.target.kinesis.secretAccessKey }} secretAccessKey: {{ .Values.target.kinesis.secretAccessKey }}
secretRef: {{ .Values.target.kinesis.secretRef | quote }} secretRef: {{ .Values.target.kinesis.secretRef | quote }}
mountedSecret: {{ .Values.target.kinesis.mountedSecret | quote }}
region: {{ .Values.target.kinesis.region }} region: {{ .Values.target.kinesis.region }}
endpoint: {{ .Values.target.kinesis.endpoint }} endpoint: {{ .Values.target.kinesis.endpoint }}
streamName: {{ .Values.target.kinesis.streamName }} streamName: {{ .Values.target.kinesis.streamName }}
@ -218,6 +225,7 @@ securityHub:
accessKeyID: {{ .Values.target.securityHub.accessKeyID }} accessKeyID: {{ .Values.target.securityHub.accessKeyID }}
secretAccessKey: {{ .Values.target.securityHub.secretAccessKey }} secretAccessKey: {{ .Values.target.securityHub.secretAccessKey }}
secretRef: {{ .Values.target.securityHub.secretRef | quote }} secretRef: {{ .Values.target.securityHub.secretRef | quote }}
mountedSecret: {{ .Values.target.securityHub.mountedSecret | quote }}
region: {{ .Values.target.securityHub.region }} region: {{ .Values.target.securityHub.region }}
endpoint: {{ .Values.target.securityHub.endpoint }} endpoint: {{ .Values.target.securityHub.endpoint }}
streamName: {{ .Values.target.securityHub.streamName }} streamName: {{ .Values.target.securityHub.streamName }}
@ -243,6 +251,7 @@ securityHub:
gcs: gcs:
credentials: {{ .Values.target.gcs.credentials }} credentials: {{ .Values.target.gcs.credentials }}
secretRef: {{ .Values.target.gcs.secretRef | quote }} secretRef: {{ .Values.target.gcs.secretRef | quote }}
mountedSecret: {{ .Values.target.gcs.mountedSecret | quote }}
bucket: {{ .Values.target.gcs.bucket }} bucket: {{ .Values.target.gcs.bucket }}
prefix: {{ .Values.target.gcs.prefix }} prefix: {{ .Values.target.gcs.prefix }}
minimumPriority: {{ .Values.target.gcs.minimumPriority | quote }} minimumPriority: {{ .Values.target.gcs.minimumPriority | quote }}


@ -3,8 +3,11 @@ package secrets
import ( import (
"context" "context"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
v1 "k8s.io/client-go/kubernetes/typed/core/v1" v1 "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/util/retry"
) )
type Values struct { type Values struct {
@ -32,7 +35,33 @@ type k8sClient struct {
} }
func (c *k8sClient) Get(ctx context.Context, name string) (Values, error) { func (c *k8sClient) Get(ctx context.Context, name string) (Values, error) {
secret, err := c.client.Get(ctx, name, metav1.GetOptions{}) var secret *corev1.Secret
err := retry.OnError(retry.DefaultRetry, func(err error) bool {
if _, ok := err.(errors.APIStatus); !ok {
return true
}
if ok := errors.IsTimeout(err); ok {
return true
}
if ok := errors.IsServerTimeout(err); ok {
return true
}
if ok := errors.IsServiceUnavailable(err); ok {
return true
}
return false
}, func() error {
var err error
secret, err = c.client.Get(ctx, name, metav1.GetOptions{})
return err
})
values := Values{} values := Values{}
if err != nil { if err != nil {
return values, err return values, err