diff --git a/flytepropeller/pkg/webhook/gcp_secret_manager.go b/flytepropeller/pkg/webhook/gcp_secret_manager.go index f17c1509a..eafa40986 100644 --- a/flytepropeller/pkg/webhook/gcp_secret_manager.go +++ b/flytepropeller/pkg/webhook/gcp_secret_manager.go @@ -42,24 +42,14 @@ func formatGCPSecretAccessCommand(secret *core.Secret) []string { // users, so we fix the file permissions with `chmod`. secretDir := strings.ToLower(filepath.Join(GCPSecretMountPath, secret.Group)) secretPath := strings.ToLower(filepath.Join(secretDir, secret.GroupVersion)) - args := []string{ - "gcloud", - "secrets", - "versions", - "access", + args := fmt.Sprintf( + "gcloud secrets versions access %[1]s/versions/%[2]s --out-file=%[4]s || gcloud secrets versions access %[2]s --secret=%[1]s --out-file=%[4]s; chmod +rX %[3]s %[4]s", + secret.Group, secret.GroupVersion, - fmt.Sprintf("--secret=%s", secret.Group), - fmt.Sprintf( - "--out-file=%s", - secretPath, - ), - "&&", - "chmod", - "+rX", secretDir, secretPath, - } - return []string{"sh", "-c", strings.Join(args, " ")} + ) + return []string{"sh", "-ec", args} } func formatGCPInitContainerName(index int) string { diff --git a/flytepropeller/pkg/webhook/gcp_secret_manager_test.go b/flytepropeller/pkg/webhook/gcp_secret_manager_test.go index 26805eafc..e9dec5c44 100644 --- a/flytepropeller/pkg/webhook/gcp_secret_manager_test.go +++ b/flytepropeller/pkg/webhook/gcp_secret_manager_test.go @@ -39,8 +39,8 @@ func TestGCPSecretManagerInjector_Inject(t *testing.T) { Image: "gcr.io/google.com/cloudsdktool/cloud-sdk:alpine", Command: []string{ "sh", - "-c", - "gcloud secrets versions access 2 --secret=TestSecret --out-file=/etc/flyte/secrets/testsecret/2 && chmod +rX /etc/flyte/secrets/testsecret /etc/flyte/secrets/testsecret/2", + "-ec", + "gcloud secrets versions access TestSecret/versions/2 --out-file=/etc/flyte/secrets/testsecret/2 || gcloud secrets versions access 2 --secret=TestSecret --out-file=/etc/flyte/secrets/testsecret/2; chmod +rX /etc/flyte/secrets/testsecret /etc/flyte/secrets/testsecret/2", }, Env: []corev1.EnvVar{ {