Add a workaround for updating webhook status in package secret

Pepr fluent client does not currently support force Apply() Workaround is to clear managedFields and updated webhook status in a single Patch request
defenseunicorns · Oct 8, 2023 · fe59a0f · fe59a0f
1 parent 0eb03b5
commit fe59a0f
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 24 deletions.
diff --git a/capabilities/webhook.ts b/capabilities/webhook.ts
@@ -1,5 +1,5 @@
 import { Capability, Log, a, K8s, kind } from "pepr";
-// import { Operation } from "fast-json-patch";
+import { Operation } from "fast-json-patch";
 import { isECRregistry, getAccountId, getRepositoryNames } from "./lib/utils";
 import { ECRPublic, publicECRURLPattern } from "./ecr-public";
 import { ECRPrivate, privateECRURLPattern } from "./ecr-private";
@@ -198,7 +198,9 @@ async function updateWebhookStatus(
     secret = await K8s(kind.Secret).InNamespace(ns).Get(secretName);
   } catch (err) {
     Log.error(
-      `Error: Failed to get package secret '${secretName}' in namespace '${ns}': ${err.message}`,
+      `Error: Failed to get package secret '${secretName}' in namespace '${ns}': ${JSON.stringify(
+        err,
+      )}`,
     );
   }
 
@@ -232,25 +234,44 @@ async function updateWebhookStatus(
     secret.data.data = JSON.stringify(deployedPackage);
   }
 
-  // const patchOperations: Operation[] = [
-  //   { op: "replace", path: "/data/data", value: secret.data.data },
-  // ];
+  // Clear managedFields to allow Pepr to take ownership of the secret data.data field and update webhook status
+  // For more information on clearing managedFields to take ownership of an object's field(s): https://kubernetes.io/docs/reference/using-api/server-side-apply/#clearing-managedfields
+  // TODO: Update to use Server-Side force apply when available in Pepr: https://github.com/defenseunicorns/kubernetes-fluent-client/issues/9
+  const patchOps: Operation[] = [
+    { op: "replace", path: "/metadata/managedFields", value: [{}] },
+    { op: "replace", path: "/data/data", value: secret.data.data },
+  ];
 
-  // await K8s(kind.Secret).Patch(patchOperations);
+  const kube = K8s(kind.Secret, { namespace: ns, name: secretName });
 
   try {
-    await K8s(kind.Secret).Apply({
-      metadata: {
-        name: secretName,
-        namespace: ns,
-      },
-      data: {
-        data: secret.data.data,
-      },
-    });
+    await kube.Patch(patchOps);
+    Log.debug(
+      `Successfully updated package secret '${secretName}' in namespace '${ns}'`,
+    );
   } catch (err) {
     Log.error(
-      `Error: Failed to update package secret '${secretName}' in namespace '${ns}'`,
+      `Error: Failed to update package secret '${secretName}' in namespace '${ns}': ${JSON.stringify(
+        err,
+      )}`,
     );
   }
+
+  // try {
+  //   await K8s(kind.Secret).Apply({
+  //     metadata: {
+  //       name: secretName,
+  //       namespace: ns,
+  //     },
+  //     data: {
+  //       data: secret.data.data,
+  //     },
+  //   });
+  // } catch (err) {
+  //   Log.error(
+  //     `Error: Failed to update package secret '${secretName}' in namespace '${ns}': ${JSON.stringify(
+  //       err,
+  //     )}`,
+  //   );
+  // }
 }
diff --git a/manifests/pepr-module-b95dbd80-e078-5eb9-aaf3-bcb9567417d0.yaml b/manifests/pepr-module-b95dbd80-e078-5eb9-aaf3-bcb9567417d0.yaml