github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2025-08-13 13:25:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

add service account

Browse Source
This commit is contained in:
wiaamm 2025-07-01 10:22:41 +03:00
parent a712ff8442
commit 6b1a07c1e9
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
docker/openappsec-waf-webhook/webhook_server.py
View File

@ -644,6 +644,15 @@ def mutate():
else:
app.logger.debug(f"AGENT_KIND is {AGENT_KIND}, skipping Istio-specific removal.")
# For kong agents, set automountServiceAccountToken back to false
if 'automountServiceAccountToken' in obj.get('spec', {}):
patches.append({
"op": "replace",
"path": "/spec/automountServiceAccountToken",
"value": False
})
app.logger.debug("Set automountServiceAccountToken=false for kong agent removal")
# Remove the sidecar container if it exists (common for all agent kinds)
if sidecar_exists:
for idx, container in enumerate(containers):
@ -747,6 +756,25 @@ def mutate():
else:
app.logger.debug(f"AGENT_KIND is {AGENT_KIND}, skipping Istio-specific components.")
# For kong agents (like Kong), set automountServiceAccountToken to true
current_spec = obj.get('spec', {})
if 'automountServiceAccountToken' in current_spec:
# Field exists, replace it
patches.append({
"op": "replace",
"path": "/spec/automountServiceAccountToken",
"value": True
})
app.logger.debug("Replaced existing automountServiceAccountToken=true for kong agent")
else:
# Field doesn't exist, add it
patches.append({
"op": "add",
"path": "/spec/automountServiceAccountToken",
"value": True
})
app.logger.debug("Added automountServiceAccountToken=true for kong agent")
# Add the sidecar container (common for all agent kinds)
if not sidecar_exists:
patches.append({