From 47cc9e3619d1db0c89ed9b91fc49661e0b4d0147 Mon Sep 17 00:00:00 2001
From: ed kim
Date: Tue, 7 Sep 2021 21:40:23 +1000
Subject: [PATCH] smol updates...
Signed-off-by: ed kim
---
 .dockerignore | 1 +
 Dockerfile | 14 +++++++-------
 pkg/controller/controller.go | 34 ++++++++++++++++++++++++++++++++--
 3 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/.dockerignore b/.dockerignore
index b4dc906..6167945 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,7 @@
 .git
 *~
+aws-ssm/**
 build/**
 examples/**
 scripts/**
diff --git a/Dockerfile b/Dockerfile
index 9e1995a..e8b5032 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 ###
 ## Stage I - Build aws-ssm binary
 #
-FROM library/golang:1.14-alpine
+FROM library/golang:1.16-alpine
 RUN apk add --update --no-cache git
@@ -14,17 +14,17 @@ RUN go install -v ./...
 ###
 ## Stage II - Install aws-iam-authenticator
 #
-FROM library/golang:1.14-alpine
+FROM library/alpine:3.14
-RUN apk add --update --no-cache git
-
-RUN go get -u -v sigs.k8s.io/aws-iam-authenticator/cmd/aws-iam-authenticator
+WORKDIR /tmp
+RUN wget https://amazon-eks.s3.us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator
+RUN chmod +x aws-iam-authenticator
 ###
 ## Stage III - Add ca-certificates, binaries
 #
-FROM library/alpine:3.11
+FROM library/alpine:3.14
 ENV AWS_REGION ""
 ENV AWS_ACCESS_KEY ""
@@ -38,7 +38,7 @@ ENV KUBE_CONFIG ""
 RUN apk add --update ca-certificates
-COPY --from=1 /go/bin/aws-iam-authenticator /bin/aws-iam-authenticator
+COPY --from=1 /tmp/aws-iam-authenticator /bin/aws-iam-authenticator
 COPY --from=0 /go/bin/aws-ssm /bin/aws-ssm
 ENTRYPOINT ["/bin/aws-ssm"]
diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
index c7a83a7..c39a51f 100644
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
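Review bot: The Stage II step `RUN wget https://amazon-eks.s3.us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator` puts a downloaded binary into the final image without any integrity check, so the image trusts whatever that URL serves at build time. Pin the expected digest in the Dockerfile and fail the build on mismatch, e.g. `RUN echo "<expected-sha256>  aws-iam-authenticator" | sha256sum -c -` directly after the download (placeholder digest; take the real value from the publisher's checksum for this release). The base images are also referenced by mutable tag (`library/golang:1.16-alpine`, `library/alpine:3.14`); pinning them by digest would make the build reproducible and the provenance of each stage auditable.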
@@ -89,6 +89,23 @@ func (c *Controller) HandleSecrets(cli kubernetes.Interface) error {
 return err
 }
+// WatchSecrets listens for secrets that are created and processes them immediately
+func (c *Controller) WatchSecrets(cli kubernetes.Interface) error {
+ secrets, err := cli.CoreV1().Secrets("").List(c.Context, metav1.ListOptions{
+ Watch: true,
+ })
+
+ for _, sec := range secrets.Items {
+ log.Infof("New secret %s in namespace: %s", sec.Name, sec.Namespace)
+ }
+
+ if err != nil {
+ log.Fatalf("Error retrieving secrets: %s", err)
+ return err
+ }
+ return nil
+}
+
 func (c *Controller) runOnce() error {
 log.Info("Running...")
 cli, err := c.KubeGen.KubeClient()
@@ -121,13 +138,26 @@ func (c *Controller) Run(stopChan <-chan struct{}) {
 // Watch listens to secret create API events to create a secret
 func (c *Controller) Watch(stopChan <-chan struct{}) {
+ log.Info("hello watcher...")
+ cli, err := c.KubeGen.KubeClient()
+ if err != nil {
+ log.Error(err)
+ }
+
+ if err != nil {
+ log.Fatalf("Error with kubernetes client: %s", err)
+ }
+
+ err = c.WatchSecrets(cli)
+ if err != nil {
+ log.Fatalf("Error with WatchSecrets: %s", err)
+ }
+
 for {
 select {
 case <-stopChan:
 log.Info("Ending watch")
 return
- default:
- log.Info("hello watcher...")
 }
 }
 }
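Review bot: `WatchSecrets` ranges over `secrets.Items` before it checks `err`, so a failed `List` call is only reported after the result has already been dereferenced; put `if err != nil { return err }` directly under the `List` call. `log.Fatalf` presumably terminates the process (it does in logrus and the standard library), which would make the following `return err` unreachable, so returning the error and letting the caller log it is the cleaner contract. Setting `Watch: true` on a `List` call does not yield a stream of events; the typed client has a separate `Watch(ctx, opts)` method returning a `watch.Interface`, which is what the doc comment describes. `Secrets("")` covers every namespace, so this path needs cluster-wide list/watch on secrets in the controller's RBAC; confirm that scope is intended rather than a single namespace.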
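Review bot: In `Watch`, the error from `c.KubeGen.KubeClient()` is checked twice in a row, first with `log.Error(err)` and then with `log.Fatalf(...)`, so the first block is redundant and the failure is logged twice. Both `log.Fatalf` calls presumably exit the process from inside the controller, bypassing the `stopChan` shutdown path below; since `Watch` has no return value, `log.Errorf("Error with WatchSecrets: %s", err)` followed by `return` would leave shutdown to the caller. `c.WatchSecrets(cli)` also runs once, synchronously, before the `select` loop, so after it returns the loop only waits on `stopChan` and no later secrets are observed.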