Secret observer does not handle IPv6

Secret observer cron job pods does not wrap ipv6 address in square brackets. This causes the curl command to fail. This commit wraps the address in square brackets if the address is an ipv6 address Testing: pass: apply oidc auth on ipv6 system, ensure cron pods finish pass: apply oidc auth on ipv4 system, ensure cron pods finish Change-Id: I0607bdcba4785d64639d21f3782a26ad5dcd77cf Closes-Bug: 1947462 Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
2021-10-16 13:34:55 -04:00 · 2021-10-16 13:34:55 -04:00 · e45ecb626a
parent 8bde8887a9
commit e45ecb626a
1 changed files with 6 additions and 2 deletions
--- a/secret-observer/secret-observer/helm-charts/secret-observer/templates/configmap-bin.yaml
+++ b/secret-observer/secret-observer/helm-charts/secret-observer/templates/configmap-bin.yaml
@ -18,10 +18,14 @@ data:

    KUBE_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
    SECRET_SHA=$(sha256sum /home/$1 | awk '{print $1}')
+    KUBERNETES_SERVICE_HOST_WITH_BRACKETS=$KUBERNETES_SERVICE_HOST
+    if echo $KUBERNETES_SERVICE_HOST | grep ":"; then
+        KUBERNETES_SERVICE_HOST_WITH_BRACKETS="[$KUBERNETES_SERVICE_HOST]"
+    fi

-    curl -sS -H "Authorization: Bearer $KUBE_TOKEN" \
+    curl -sSg -H "Authorization: Bearer $KUBE_TOKEN" \
        --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
        --request PATCH -H "Accept: application/json" \
        -H "Content-Type: application/strategic-merge-patch+json" \
-        https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/apis/apps/v1/namespaces/{{ .Values.namespace }}/deployments/$2 \
+        https://$KUBERNETES_SERVICE_HOST_WITH_BRACKETS:$KUBERNETES_PORT_443_TCP_PORT/apis/apps/v1/namespaces/{{ .Values.namespace }}/deployments/$2 \
        --data '{"spec":{"template":{"metadata":{"annotations":{"'$3'": "'$SECRET_SHA'"}}}}}';