DEVHIDE
Login Or Sign up

transforming configMapKeyRef into secretKeyRef with jq

161 Views Asked by At

Here is my deploy input

{
  "apiVersion": "apps/v1",
  "kind": "Deployment",
  "spec": {
    "replicas": 1,
    "selector": {
      "matchLabels": {
        "io.kompose.service": "item-api"
      }
    },
    "strategy": {
      "type": "Recreate"
    },
    "template": {
      "spec": {
        "containers": [
          {
            "env": [
              {
                "name": "APP_JWTSECRET",
                "valueFrom": {
                  "configMapKeyRef": {
                    "key": "APP_JWTSECRET",
                    "name": "item-api-env"
                  }
                }
              },
              {
                "name": "SPRING_DATASOURCE_BASEXML_JDBCURL",
                "valueFrom": {
                  "configMapKeyRef": {
                    "key": "SPRING_DATASOURCE_BASEXML_JDBCURL",
                    "name": "item-api-env"
                  }
                }
              }
...

For each item into env, I'd like to transform the configMapKeyRef into secretKeyRefif name contains (SECRET|PASSWORD|KEY) pattern and then replace the secretKeyRef name by the key name into lowcase.

for example:

                "name": "APP_JWTSECRET",
                "valueFrom": {
                  "configMapKeyRef": {
                    "key": "APP_JWTSECRET",
                    "name": "item-api-env"
                  }
                }
              }

would be transformed into

                "name": "APP_JWTSECRET",
                "valueFrom": {
                  "secretKeyRef": {
                    "key": "APP_JWTSECRET",
                    "name": "app-jwtsecret"
                  }
                }
              }

I tried some kind of manipulation with with_entries without any success:

jq -r '.spec.template.spec.containers[].env[]|with_entries(.key |test(PASSWORD|SECRET))'
json kubernetes jq kubernetes-secrets
Original Q&A
3

There are 3 best solutions below

0
On BEST ANSWER

Here's one way you could do it. The containers and env array are rewritten with the desired modification, or kept "as is" if the condition isn't met.

.spec.template.spec.containers
|= map(
    (.env
     |= map(
          if (.name|test("SECRET|PASSWORD|KEY"))
          then .valueFrom
            |= with_entries(.key="secretKeyRef"
                 |.value.name=(.value.key|ascii_downcase|gsub("_";"-"))
               )
          else .
          end
        )
    )? // .
)

Try it on jqplay.org.

2
On

One way to use jq would be to do below.

.spec.template.spec.containers[].env[] |= {name} + 
if .name | test("SECRET|PASSWORD|KEY") then 
    .valueFrom |= ( 
        with_entries(
            if .key == "configMapKeyRef" then .key = "secretKeyRef" end | 
                .value |= {key} + {name: .key|ascii_downcase}
        )
    )
end

jqplay demo - https://jqplay.org/s/UfYQYpJIa6o

2
On
  • Navigate to the desired locations: .spec.template.spec.containers[].env[]?
  • Filter for those matching your criteria: select(.name | test("SECRET|PASSWORD|KEY"))
  • Take those results and go deeper: (…).valueFrom
  • Update it with access to .key and .value: |= with_entries(…)
  • Only if the key matches that name: select(.key == "configMapKeyRef") |= …
  • By redefining key and value: {key: "secretKeyRef", value: …}
  • The new value is based on the previous value, and assigns the lowercase key to name: .value | .name = (.key | ascii_downcase)
(
    .spec.template.spec.containers[].env[]?
    | select(.name | test("SECRET|PASSWORD|KEY"))
)

.valueFrom |= with_entries(select(.key == "configMapKeyRef") |= {
    key: "secretKeyRef", value: (.value | .name = (.key | ascii_downcase))
})

{
  "apiVersion": "apps/v1",
  "kind": "Deployment",
  "spec": {
    "replicas": 1,
    "selector": {
      "matchLabels": {
        "io.kompose.service": "item-api"
      }
    },
    "strategy": {
      "type": "Recreate"
    },
    "template": {
      "spec": {
        "containers": [
          {
            "env": [
              {
                "name": "APP_JWTSECRET",
                "valueFrom": {
                  "secretKeyRef": {
                    "key": "APP_JWTSECRET",
                    "name": "app_jwtsecret"
                  }
                }
              },
              {
                "name": "SPRING_DATASOURCE_BASEXML_JDBCURL",
                "valueFrom": {
                  "configMapKeyRef": {
                    "key": "SPRING_DATASOURCE_BASEXML_JDBCURL",
                    "name": "item-api-env"
                  }
                }
              }
            ]
          }
        ]
      }
    }
  }
}

Demo

Note: I regarded the change from app_jwtsecret to app-jwtsecret a typo.

Related Questions in JSON

Related Questions in KUBERNETES

Related Questions in JQ

Related Questions in KUBERNETES-SECRETS

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.