in lib/addons/secrets-store/csi-driver-provider-aws-secrets.ts [153:201]
/**
 * Walks every configured CSI secret and, for each one:
 *  1. resolves the backing AWS resource through its secret provider,
 *  2. records a parameter object for it in `this.parameterObjects`,
 *  3. grants `this.serviceAccount` read access to that resource, and
 *  4. when a `kubernetesSecret` is configured, records a matching entry
 *     in `this.kubernetesSecrets`.
 *
 * Despite the name, this method does more than attach IAM permissions:
 * it also populates the parameter-object and Kubernetes-secret lists.
 *
 * NOTE(review): the read grant is issued once per configured secret, so the
 * service account ends up able to read every secret listed in
 * `this.csiSecrets`. The exact IAM statements are produced by `grantRead`
 * on the resolved construct and are not visible here.
 */
protected addPolicyToServiceAccount() {
  for (const csiSecret of this.csiSecrets) {
    const secret: ISecret | IStringParameter = csiSecret.secretProvider.provide(this.clusterInfo);

    // The backing store is inferred from the object's shape: an own
    // `secretArn` property means Secrets Manager, anything else is handled
    // as an SSM parameter.
    // NOTE(review): a provider result without an own `secretArn` always falls
    // into the SSM path; confirm every provider returns one of the two types.
    const isSecretsManager = Object.hasOwnProperty.call(secret, 'secretArn');
    const secretName: string = isSecretsManager
      ? (secret as ISecret).secretName
      : (secret as IStringParameter).parameterName;
    const awsSecretType = isSecretsManager
      ? AwsSecretType.SECRETSMANAGER
      : AwsSecretType.SSMPARAMETER;

    this.parameterObjects.push(createParameterObject(csiSecret, secretName, awsSecretType));

    // Read access for the service account is granted on exactly this resource.
    if (isSecretsManager) {
      (secret as ISecret).grantRead(this.serviceAccount);
    } else {
      (secret as IStringParameter).grantRead(this.serviceAccount);
    }

    const k8sSecretConfig = csiSecret.kubernetesSecret;
    if (!k8sSecretConfig) {
      continue;
    }

    // NOTE(review): presumably these entries cause the value to be mirrored
    // into a Kubernetes Secret. If so, access to the copy is governed by
    // cluster RBAC and etcd encryption rather than IAM; confirm against the
    // consumer of `this.kubernetesSecrets`.
    // Each data item falls back to the AWS secret name for a missing
    // objectName or key; with no data list at all, a single entry keyed by
    // the secret name is used.
    const data: KubernetesSecretObjectData[] = k8sSecretConfig.data
      ? k8sSecretConfig.data.map((item): KubernetesSecretObjectData => ({
          objectName: item.objectName ?? secretName,
          key: item.key ?? secretName
        }))
      : [{ objectName: secretName, key: secretName }];

    const kubernetesSecret: KubernetesSecret = {
      secretName: k8sSecretConfig.secretName,
      // Unspecified type defaults to an opaque secret.
      type: k8sSecretConfig.type ?? KubernetesSecretType.OPAQUE,
      labels: k8sSecretConfig.labels ?? undefined,
      data,
    };
    this.kubernetesSecrets.push(kubernetesSecret);
  }
}