Proof of concept for custom secret mount paths

dominodatalab · Jan 17, 2025 · 58157a0 · 58157a0
1 parent b512e38
commit 58157a0
Showing 5 changed files with 16 additions and 0 deletions.
diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json
@@ -3328,6 +3328,9 @@
     ".SecretReference": {
       "type": "object",
       "properties": {
+        "mountPath": {
+          "type": "string"
+        },
         "name": {
           "type": "string"
         },

diff --git a/deployments/crds/hephaestus.dominodatalab.com_imagebuilds.yaml b/deployments/crds/hephaestus.dominodatalab.com_imagebuilds.yaml
@@ -140,6 +140,8 @@ spec:
                   expose to individual image builds.
                 items:
                   properties:
+                    mountPath:
+                      type: string
                     name:
                       type: string
                     namespace:

diff --git a/pkg/api/hephaestus/v1/types.go b/pkg/api/hephaestus/v1/types.go
@@ -64,6 +64,7 @@ type RegistryCredentials struct {
 type SecretReference struct {
 	Name      string `json:"name,omitempty"`
 	Namespace string `json:"namespace,omitempty"`
+	MountPath string `json:"mountPath,omitempty"`
 }
 
 // ImageBuildStatusTransitionMessage contains information about ImageBuild status transitions.

diff --git a/pkg/api/hephaestus/v1/zz_generated.openapi.go b/pkg/api/hephaestus/v1/zz_generated.openapi.go
diff --git a/pkg/controller/support/secrets/secrets.go b/pkg/controller/support/secrets/secrets.go
@@ -69,6 +69,10 @@ func ReadSecrets(
 			}
 		}
 
+		if secretRef.MountPath != "" {
+			path = secretRef.MountPath
+		}
+
 		// builds a path for the secret like {namespace}/{name}/{key} to avoid hash key collisions
 		for filename, data := range secret.Data {
 			name := strings.Join([]string{path, filename}, "/")