
mutateDockerCreds (dockerconfigjson secret) doesn't support _json_key / Expects auth to contain separator of secrets. #81

Closed
DandyDeveloper opened this issue Apr 12, 2023 · 4 comments · Fixed by bank-vaults/secrets-webhook#91 · May be fixed by #494
Assignees
Labels
kind/bug Categorizes issue or PR as related to a bug. kind/enhancement Categorizes issue or PR as related to an improvement.

Comments


DandyDeveloper commented Apr 12, 2023

Describe the bug:
The mutating webhook for secrets has a specific function to manage dockerconfigjson type secrets:

https://github.com/banzaicloud/bank-vaults/blob/main/pkg/webhook/secret.go#L128

This function assumes that the content of the auth part of your config will consist of the format username:password, and it will fail to split the credentials if you try to pass in a _json_key, which a number of cloud-based private registries (GCP in my case) use for authenticating.

The content looks a little something like this:

_json_key:{
  "type": "service_account",
  "project_id": "fake-project",
  "private_key_id": "fakdndisnusdinsufdfhusdfohfewfhewf",
  "private_key": "-----BEGIN PRIVATE KEY-----\Lotsafakestuffhere\n-----END PRIVATE KEY-----\n",
  "client_email": "my-iam-account-example",
  "client_id": "292921iamfake22929",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "noidontthinkso"
}

Expected behaviour:
I think this might turn into a feature, as the function in question looks to be built on the pretense that username:password is used in the auth section of the .dockerconfigjson file.

The expected behaviour would be to NOT split and instead just fetch the secret as is.

Steps to reproduce the bug:
Create a secret like this:

apiVersion: v1
kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
  name: broken-thing
  annotations:
    vault.security.banzaicloud.io/vault-skip-verify: "true"
data:
  .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovL215cmVwb3YiOnsiYXV0aCI6ImRtRjFiSFE2YzJWamNtVjBMM0JoZEdndlpHOXVkQzlsZUdsemRBPT0ifX19

and you'll see in the injection part the following error: error="mutate dockerconfig json failed: splitting auth credentials failed"

Environment details:

  • Kubernetes version (e.g. v1.10.2): v1.24.9-gke.2000
  • Cloud-provider/provisioner (e.g. AKS, GKE, EKS, PKE etc): GKE
  • bank-vaults version (e.g. 0.4.17): latest
  • Install method (e.g. helm or static manifests): helm
  • Logs from the misbehaving component (and any other relevant logs): See above.
  • Resource definition (possibly in YAML format) that caused the issue, without sensitive data: See above.

/kind bug
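As an added example (not code from bank-vaults or from the linked fix), assuming a constructed .dockerconfigjson sample with a fake _json_key entry: the all-colon split that produces the "splitting auth credentials failed" error beside a first-colon split, which follows the docker config definition of auth as base64("username:password") and keeps a service-account JSON password intact.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample (not a real credential): a _json_key whose password is a JSON blob full of colons.
var sampleConfigJSON = func() []byte {
	auth := base64.StdEncoding.EncodeToString([]byte(`_json_key:{"type":"service_account","project_id":"fake-project"}`))
	return []byte(`{"auths":{"https://gcr.io":{"auth":"` + auth + `"}}}`)
}()

// splitAuthNaive mirrors the issue's failure mode: splitting on every colon rejects passwords containing one.
func splitAuthNaive(decoded string) (string, string, error) {
	if parts := strings.Split(decoded, ":"); len(parts) == 2 {
		return parts[0], parts[1], nil
	}
	return "", "", errors.New("splitting auth credentials failed")
}

// splitAuth splits on the first colon only; the docker auth field is base64("username:password").
func splitAuth(decoded string) (string, string, error) {
	if parts := strings.SplitN(decoded, ":", 2); len(parts) == 2 {
		return parts[0], parts[1], nil
	}
	return "", "", errors.New("auth value has no username:password separator")
}

// credentialsFor decodes one registry's auth entry from .dockerconfigjson and hands "user:pass" to split.
func credentialsFor(cfgJSON []byte, registry string, split func(string) (string, string, error)) (string, string, error) {
	var cfg struct{ Auths map[string]struct{ Auth string } `json:"auths"` }
	if err := json.Unmarshal(cfgJSON, &cfg); err != nil {
		return "", "", err
	}
	raw, err := base64.StdEncoding.DecodeString(cfg.Auths[registry].Auth) // unknown registry decodes to ""
	if err != nil {
		return "", "", err
	}
	return split(string(raw))
}

func main() {
	_, _, err := credentialsFor(sampleConfigJSON, "https://gcr.io", splitAuthNaive)
	user, _, _ := credentialsFor(sampleConfigJSON, "https://gcr.io", splitAuth)
	fmt.Printf("naive split: %v; first-colon split: user=%q\n", err, user)
}
```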

@akijakya akijakya transferred this issue from bank-vaults/bank-vaults Jul 20, 2023
@akijakya akijakya added the kind/enhancement Categorizes issue or PR as related to an improvement. label Jul 20, 2023
github-actions bot commented:

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Dec 10, 2023
github-actions bot commented:

This issue has been marked stale for 20 days, and is now closed due to inactivity. If the issue is still relevant, please re-open this issue or file a new one. Thank you!

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Dec 31, 2023
DandyDeveloper (Author) commented:

Please reopen.

@ramizpolic ramizpolic reopened this Jan 23, 2024
@ramizpolic ramizpolic added docker and removed lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. labels Jan 23, 2024
ramizpolic (Member) commented:

We need to revisit the container code in general. Will add it to the roadmap as a high-level item.

@ramizpolic ramizpolic removed the docker label Jan 23, 2024
@ramizpolic ramizpolic added the kind/bug Categorizes issue or PR as related to a bug. label Feb 9, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Apr 14, 2024
@csatib02 csatib02 removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Apr 14, 2024
@csatib02 csatib02 self-assigned this Apr 14, 2024
@csatib02 csatib02 added the kind/work-in-progress Categorizes issue or PR as work in progress. label Apr 14, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Jun 16, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Jun 16, 2024
@csatib02 csatib02 removed lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. kind/work-in-progress Categorizes issue or PR as work in progress. labels Jun 16, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Jun 16, 2024
@csatib02 csatib02 linked a pull request Aug 5, 2024 that will close this issue