fix(webhook): do not add environment variables when they are empty (#1593)

Signed-off-by: Igor Beliakov <[email protected]>

Author: weisdd

pkg/webhook/webhook.go

@@ -394,9 +394,9 @@ func addEnvironmentVariables(container corev1.Container, clientID, tenantID, azu
 		{Name: AzureAuthorityHostEnvVar, Value: azureAuthorityHost},
 	}
 
-	// append only the ones not already present
+	// append the ones that are not already present (only if desired env contains a non-empty value)
 	for _, env := range desiredEnvs {
-		if _, ok := m[env.Name]; !ok {
+		if _, ok := m[env.Name]; !ok && env.Value != "" {
 			container.Env = append(container.Env, env)
 		}
 	}

pkg/webhook/webhook_test.go

@@ -627,6 +627,29 @@ func TestAddEnvironmentVariables(t *testing.T) {
 			}
 		})
 	}
+
+	t.Run("environment variables are not added when empty", func(t *testing.T) {
+		container := corev1.Container{
+			Name:  "cont1",
+			Image: "image",
+		}
+
+		expectedContainer := corev1.Container{
+			Name:  "cont1",
+			Image: "image",
+			Env: []corev1.EnvVar{
+				{
+					Name:  AzureFederatedTokenFileEnvVar,
+					Value: filepath.Join(TokenFileMountPath, TokenFilePathName),
+				},
+			},
+		}
+
+		actualContainer := addEnvironmentVariables(container, "", "", "")
+		if !reflect.DeepEqual(actualContainer, expectedContainer) {
+			t.Fatalf("expected: %v, got: %v", expectedContainer, actualContainer)
+		}
+	})
 }
 
 func TestAddProjectServiceAccountTokenVolumeMount(t *testing.T) {