8000 Dont create temporary secret when no credentials are found #1189 · secureCodeBox/secureCodeBox@752d943 · GitHub


Commit 752d943

committed
Dont create temporary secret when no credentials are found #1189
Signed-off-by: Simon Hülkenberg <simon.huelkenberg@iteratec.com>
1 parent 8d1b030 commit 752d943


3 files changed

+13
-2
lines changed


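--- a/auto-discovery/kubernetes/controllers/container_scan_controller.go
+++ b/auto-discovery/kubernetes/controllers/container_scan_controller.go
@@ -351,11 +351,13 @@ func getTemporarySecretName(imageID string) string {
 }
 
 func getTemporarySecretEnvironmentVariableMount(imageID string, usernameEnvVarName string, passwordEnvVarName string) []corev1.EnvVar {
+trueBool := true
 return []corev1.EnvVar{
 {
 Name: usernameEnvVarName,
 ValueFrom: &corev1.EnvVarSource{
 SecretKeyRef: &corev1.SecretKeySelector{
+Optional: &trueBool,
 LocalObjectReference: corev1.LocalObjectReference{
 Name: getTemporarySecretName(imageID),
 },
@@ -367,6 +369,7 @@ func getTemporarySecretEnvironmentVariableMount(imageID string, usernameEnvVarNa
 Name: passwordEnvVarName,
 ValueFrom: &corev1.EnvVarSource{
 SecretKeyRef: &corev1.SecretKeySelector{
+Optional: &trueBool,
 LocalObjectReference: corev1.LocalObjectReference{
 Name: getTemporarySecretName(imageID),
 },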
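Review bot: `Optional: &trueBool` on both `SecretKeyRef` entries lets the pod start whenever the temporary secret or one of its keys is absent, not only when the extractor found no credentials. A failed extractor run or a secret-name mismatch would presumably look identical from here, and the scan then runs with both variables unset. I would state that contract on the function, e.g. `// Both secret references are optional: if the temporary secret does not exist, the variables stay unset and the scan runs without registry credentials.` It is also worth confirming that the extractor's "nothing found" and "failed" outcomes remain distinguishable in its logs or exit status. The function body continues past the end of this section.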

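--- a/auto-discovery/kubernetes/controllers/container_scan_controller_test.go
+++ b/auto-discovery/kubernetes/controllers/container_scan_controller_test.go
@@ -129,6 +129,8 @@ var _ = Describe("ContainerScan controller", func() {
 fakeDeployment := map[string]string{"nginx": "0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31"}
 nginxScanName := "nginx-at-0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31"
 nginxScanName = nginxScanName[:62]
+
+trueBool := true
 nginxScanGoTemplate := scanGoTemplate{
 map[string]string{"testAnnotation": namespace},
 map[string]string{
@@ -182,6 +184,7 @@ var _ = Describe("ContainerScan controller", func() {
 Name: "username",
 ValueFrom: &corev1.EnvVarSource{
 SecretKeyRef: &corev1.SecretKeySelector{
+Optional: &trueBool,
 LocalObjectReference: corev1.LocalObjectReference{
 Name: ("temporary-secret-" + nginxScanName)[:62],
 },
@@ -193,6 +196,7 @@ var _ = Describe("ContainerScan controller", func() {
 Name: "password",
 ValueFrom: &corev1.EnvVarSource{
 SecretKeyRef: &corev1.SecretKeySelector{
+Optional: &trueBool,
 LocalObjectReference: corev1.LocalObjectReference{
 Name: ("temporary-secret-" + nginxScanName)[:62],
 },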

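--- a/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py
+++ b/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py
@@ -17,8 +17,12 @@ def main():
 
 raw_secrets = get_raw_secrets('/secrets')
 correct_secret = get_correct_secret(domain, raw_secrets)
-username, password = get_user_and_password(correct_secret)
-create_temporary_secret(username, password, temporary_secret_name)
+
+if correct_secret:
+username, password = get_user_and_password(correct_secret)
+create_temporary_secret(username, password, temporary_secret_name)
+else:
+print(f"No secrets found for domain 'f{domain}'")
 
 
 def get_raw_secrets(base_path: str):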
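Review bot: The log message in the new `else` branch has a stray `f` inside the f-string, so the domain is printed with an `f` glued to its front (`'f{domain}'`). It should read `print(f"No secrets found for domain '{domain}'")`. The branch treats any falsy `correct_secret` as "nothing found", so an operator reading this line needs the exact domain to tell a genuinely public image from a lookup that missed a matching pull secret. `main()` starts above the hunk, so how `domain` is derived is not visible here.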
