Skip to content

Commit

Permalink
Enhance based on comments
Browse files Browse the repository at this point in the history
Enhance based on comments
  • Loading branch information
kevinteng525 committed Dec 5, 2022
1 parent b0f79a3 commit 99ef697
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 8 deletions.
6 changes: 5 additions & 1 deletion adapter/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,11 @@ func (a *Adapter) makeProvider(ctx context.Context, globalHTTPTimeout time.Durat
broadcaster := record.NewBroadcaster()
recorder := broadcaster.NewRecorder(scheme, corev1.EventSource{Component: "keda-metrics-adapter"})

kubeClientset, _ := kubernetes.NewForConfig(ctrl.GetConfigOrDie())
kubeClientset, err := kubernetes.NewForConfig(cfg)
if err != nil {
logger.Error(err, "Unable to create kube clientset")
return nil, nil, err
}
objectNamespace, err := kedautil.GetClusterObjectNamespace()
if err != nil {
logger.Error(err, "Unable to get cluster object namespace")
Expand Down
6 changes: 5 additions & 1 deletion main.go
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,11 @@ func main() {
globalHTTPTimeout := time.Duration(globalHTTPTimeoutMS) * time.Millisecond
eventRecorder := mgr.GetEventRecorderFor("keda-operator")

kubeClientset, _ := kubernetes.NewForConfig(ctrl.GetConfigOrDie())
kubeClientset, err := kubernetes.NewForConfig(cfg)
if err != nil {
setupLog.Error(err, "Unable to create kube clientset")
os.Exit(1)
}
objectNamespace, err := kedautil.GetClusterObjectNamespace()
if err != nil {
setupLog.Error(err, "Unable to get cluster object namespace")
Expand Down
13 changes: 7 additions & 6 deletions pkg/scaling/resolver/scale_resolvers.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@ import (
"bytes"
"context"
"fmt"
"os"
"strings"

"github.com/go-logr/logr"
Expand All @@ -43,17 +42,19 @@ const (
referenceCloser = ')'
)

var kedaNamespace, _ = util.GetClusterObjectNamespace()
var (
kedaNamespace, _ = util.GetClusterObjectNamespace()
restrictSecretAccess = util.GetRestrictSecretAccess()
)


// isSecretAccessRestricted returns whether secret access need to be restricted in KEDA namespace
func isSecretAccessRestricted(logger logr.Logger) bool {
const RestrictSecretAccessEnvVar = "KEDA_RESTRICT_SECRET_ACCESS"
restrictSecretAccess, found := os.LookupEnv(RestrictSecretAccessEnvVar)
if !found {
if restrictSecretAccess == "" {
return false
}
if strings.ToLower(restrictSecretAccess) == "true" {
logger.V(1).Info("Secret Access is restricted to be in KEDA namespace, pls. use ClusterTriggerAuthentication instead of TriggerAuthentication", "Env Var", RestrictSecretAccessEnvVar, "Env Value", strings.ToLower(restrictSecretAccess))
logger.V(1).Info("Secret Access is restricted to be in Cluster Object Namespace, please use ClusterTriggerAuthentication instead of TriggerAuthentication", "Cluster Object Namespace", kedaNamespace, "Env Var", util.RestrictSecretAccessEnvVar, "Env Value", strings.ToLower(restrictSecretAccess))
return true
}
return false
Expand Down
7 changes: 7 additions & 0 deletions pkg/util/env_resolver.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ import (
"time"
)

const RestrictSecretAccessEnvVar = "KEDA_RESTRICT_SECRET_ACCESS"

var clusterObjectNamespaceCache *string

func ResolveOsEnvBool(envName string, defaultValue bool) (bool, error) {
Expand Down Expand Up @@ -73,3 +75,8 @@ func GetClusterObjectNamespace() (string, error) {
clusterObjectNamespaceCache = &strData
return strData, nil
}

// GetRestrictSecretAccess retrieves the value of the environment variable of KEDA_RESTRICT_SECRET_ACCESS
func GetRestrictSecretAccess() string {
return os.Getenv(RestrictSecretAccessEnvVar)
}

0 comments on commit 99ef697

Please sign in to comment.