Allow optionally having a trailing slash for the metadata service end…

…point override

Makefile

@@ -165,7 +165,7 @@ GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION)
 KUSTOMIZE_VERSION ?= v5.4.2
 CONTROLLER_TOOLS_VERSION ?= v0.15.0
 ENVTEST_VERSION ?= release-0.18
-GOLANGCI_LINT_VERSION ?= v1.57.2
+GOLANGCI_LINT_VERSION ?= v1.63.4
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.

api/v1/pod_webhook.go

@@ -99,13 +99,18 @@ func (p *podIraInjector) Handle(ctx context.Context, request admission.Request)
 			},
 		})
 
+		endpoint := "http://127.0.0.1:9911"
+		if util.MapContains(pod.Annotations, "ira.ontsys.com/metadata-endpoint-trailing-slash") && pod.Annotations["ira.ontsys.com/metadata-endpoint-trailing-slash"] != "" {
+			endpoint += "/"
+		}
+
 		for i, c := range pod.Spec.Containers {
 			if c.Env == nil {
 				c.Env = make([]v1.EnvVar, 0)
 			}
 			c.Env = append(c.Env, v1.EnvVar{
 				Name:  "AWS_EC2_METADATA_SERVICE_ENDPOINT",
-				Value: "http://127.0.0.1:9911",
+				Value: endpoint,
 			})
 			pod.Spec.Containers[i] = c
 		}

api/v1/pod_webhook_test.go

@@ -225,5 +225,70 @@ var _ = Describe("Pod Webhook", func() {
 				})
 			})
 		})
+		Context("with IRA annotations and requiring a trailing slash", func() {
+			It("should mutate the pod", func() {
+				ctx := context.Background()
+				pod := &v1.Pod{
+					ObjectMeta: metav1.ObjectMeta{
+						Annotations: map[string]string{
+							"ira.ontsys.com/trust-anchor":                     "ta",
+							"ira.ontsys.com/profile":                          "p",
+							"ira.ontsys.com/role":                             "c",
+							"ira.ontsys.com/metadata-endpoint-trailing-slash": "true",
+						},
+						Name:      "annotated-trailing",
+						Namespace: "default",
+					},
+					Spec: v1.PodSpec{
+						Containers: []v1.Container{
+							{
+								Name:  "my-container",
+								Image: "my-image",
+							},
+						},
+					},
+				}
+				Expect(k8sClient.Create(ctx, pod)).To(Succeed())
+
+				Eventually(func() *gbytes.Buffer {
+					return buffer
+				}, 5*time.Second, 25*time.Millisecond).Should(gbytes.Say("Attempting to patch pod"))
+
+				mutatedPod := &v1.Pod{}
+				Eventually(func() bool {
+					err := k8sClient.Get(ctx, types.NamespacedName{
+						Namespace: "default",
+						Name:      "annotated-trailing",
+					}, mutatedPod)
+					return err == nil
+				}, 10*time.Second, 25*time.Millisecond).Should(BeTrue())
+				Expect(mutatedPod.Spec.Volumes).To(ContainElement(HaveField("Name", Equal("ira-cert"))))
+				Expect(mutatedPod.Spec.Volumes).To(ContainElement(HaveField("VolumeSource.Secret.SecretName", "annotated-trailing-ira")))
+				Expect(mutatedPod.Spec.Containers).To(HaveExactElements(HaveField("Env", ContainElement(v1.EnvVar{
+					Name:  "AWS_EC2_METADATA_SERVICE_ENDPOINT",
+					Value: "http://127.0.0.1:9911/",
+				}))))
+				Expect(mutatedPod.Spec.InitContainers).To(ContainElement(HaveField("Name", Equal("ira"))))
+				Expect(mutatedPod.Spec.InitContainers).To(ContainElement(HaveField("VolumeMounts", ContainElement(v1.VolumeMount{
+					Name:      "ira-cert",
+					MountPath: "/ira-cert",
+				}))))
+				Expect(mutatedPod.Spec.InitContainers).To(ContainElement(HaveField("Args", ContainElements("ta", "p", "c"))))
+				Expect(mutatedPod.Spec.InitContainers).To(ContainElement(HaveField("Resources", v1.ResourceRequirements{
+					Limits: v1.ResourceList{
+						v1.ResourceMemory: resource.MustParse("128Mi"),
+					},
+					Requests: v1.ResourceList{
+						v1.ResourceCPU:    resource.MustParse("250m"),
+						v1.ResourceMemory: resource.MustParse("64Mi"),
+					},
+				})))
+				Expect(mutatedPod.Spec.InitContainers).To(Not(ContainElement(HaveField("Resources", v1.ResourceRequirements{
+					Limits: v1.ResourceList{
+						v1.ResourceCPU: resource.MustParse("500m"),
+					},
+				}))))
+			})
+		})
 	})
 })

charts/ira-controller/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: "1.1.3"
+appVersion: "1.2.0"
 description: A Helm chart for the ira-controller
 name: ira-controller
 type: application
-version: 1.3.1
+version: 1.4.0