Implement functions to find referencing ConfigMaps and Secrets in Kub…

…ernetes manifests (#5409) Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]>
pipe-cd · Dec 12, 2024 · 6b63206 · 6b63206
1 parent 8f23da4
commit 6b63206
Show file tree

Hide file tree

Showing 2 changed files with 550 additions and 0 deletions.
diff --git a/pkg/app/pipedv1/plugin/kubernetes/provider/deployment.go b/pkg/app/pipedv1/plugin/kubernetes/provider/deployment.go
@@ -0,0 +1,129 @@
+// Copyright 2024 The PipeCD Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package provider
+
+import (
+	"slices"
+
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+// FindReferencingConfigMaps finds all configmaps that are referenced by the given manifest.
+//
+// It looks for configmaps in the following fields:
+// - spec.template.spec.volumes.configMap.name
+// - spec.template.spec.initContainers.env.valueFrom.configMapKeyRef.name
+// - spec.template.spec.initContainers.envFrom.configMapRef.name
+// - spec.template.spec.containers.env.valueFrom.configMapKeyRef.name
+// - spec.template.spec.containers.envFrom.configMapRef.name
+func FindReferencingConfigMaps(m *unstructured.Unstructured) []string {
+	var configMaps []string
+
+	if n := nestedStringSlice(m.Object, "spec", "template", "spec", "volumes", "configMap", "name"); len(n) > 0 {
+		configMaps = append(configMaps, n...)
+	}
+
+	if n := nestedStringSlice(m.Object, "spec", "template", "spec", "initContainers", "env", "valueFrom", "configMapKeyRef", "name"); len(n) > 0 {
+		configMaps = append(configMaps, n...)
+	}
+
+	if n := nestedStringSlice(m.Object, "spec", "template", "spec", "initContainers", "envFrom", "configMapRef", "name"); len(n) > 0 {
+		configMaps = append(configMaps, n...)
+	}
+
+	if n := nestedStringSlice(m.Object, "spec", "template", "spec", "containers", "env", "valueFrom", "configMapKeyRef", "name"); len(n) > 0 {
+		configMaps = append(configMaps, n...)
+	}
+
+	if n := nestedStringSlice(m.Object, "spec", "template", "spec", "containers", "envFrom", "configMapRef", "name"); len(n) > 0 {
+		configMaps = append(configMaps, n...)
+	}
+
+	slices.Sort(configMaps)
+	return slices.Compact(configMaps)
+}
+
+// FindReferencingSecrets finds all secrets that are referenced by the given manifest.
+//
+// It looks for secrets in the following fields:
+// - spec.template.spec.volumes.secret.secretName
+// - spec.template.spec.initContainers.env.valueFrom.secretKeyRef.name
+// - spec.template.spec.initContainers.envFrom.secretRef.name
+// - spec.template.spec.containers.env.valueFrom.secretKeyRef.name
+// - spec.template.spec.containers.envFrom.secretRef.name
+func FindReferencingSecrets(m *unstructured.Unstructured) []string {
+	var secrets []string
+
+	if n := nestedStringSlice(m.Object, "spec", "template", "spec", "volumes", "secret", "secretName"); len(n) > 0 {
+		secrets = append(secrets, n...)
+	}
+
+	if n := nestedStringSlice(m.Object, "spec", "template", "spec", "initContainers", "env", "valueFrom", "secretKeyRef", "name"); len(n) > 0 {
+		secrets = append(secrets, n...)
+	}
+
+	if n := nestedStringSlice(m.Object, "spec", "template", "spec", "initContainers", "envFrom", "secretRef", "name"); len(n) > 0 {
+		secrets = append(secrets, n...)
+	}
+
+	if n := nestedStringSlice(m.Object, "spec", "template", "spec", "containers", "env", "valueFrom", "secretKeyRef", "name"); len(n) > 0 {
+		secrets = append(secrets, n...)
+	}
+
+	if n := nestedStringSlice(m.Object, "spec", "template", "spec", "containers", "envFrom", "secretRef", "name"); len(n) > 0 {
+		secrets = append(secrets, n...)
+	}
+
+	slices.Sort(secrets)
+	return slices.Compact(secrets)
+}
+
+// nestedStringSlice extracts a string slice from the given object by following the fields.
+// It returns the extracted string slice.
+// If there is []map[string]any in the middle of the fields, it will be flattened.
+func nestedStringSlice(obj any, fields ...string) []string {
+	// No field to extract, return the original object.
+	if len(fields) == 0 {
+		switch obj := obj.(type) {
+		case []string:
+			return obj
+		case []any:
+			var result []string
+			for _, item := range obj {
+				if s, ok := item.(string); ok {
+					result = append(result, s)
+				}
+			}
+			return result
+		case string:
+			return []string{obj}
+		default:
+			return nil
+		}
+	}
+
+	switch v := obj.(type) {
+	case map[string]any:
+		return nestedStringSlice(v[fields[0]], fields[1:]...)
+	case []any:
+		var result []string
+		for _, item := range v {
+			result = append(result, nestedStringSlice(item, fields...)...)
+		}
+		return result
+	default:
+		return nil
+	}
+}