signin and unlock working

json parsing of secret sadly not
Tobias Trabelsi 2022-09-13 23:18:27 +02:00
parent 7528cf41c8
commit 122f623bc8
Signed by: lerentis
GPG Key ID: FF0C2839718CAF2E


@ -3,26 +3,34 @@ import kopf
import kubernetes import kubernetes
import base64 import base64
import os import os
import subprocess
import json import json
def get_secret_from_bitwarden(id): def get_secret_from_bitwarden(logger, id):
return command_wrapper(f" item {id}") return command_wrapper(logger, f"get item {id}")
def command_wrapper(command): def unlock_bw(logger):
output = os.os.popen(f"bw {command}") token_output = command_wrapper(logger, "unlock --passwordenv BW_PASSWORD")
return output tokens = token_output.split('"')[1::2]
os.environ["BW_SESSION"] = tokens[1]
logger.info("Signin successful. Session exported")
def command_wrapper(logger, command):
system_env = dict(os.environ)
sp = subprocess.Popen([f"bw {command}"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, shell=True, env=system_env)
out, err = sp.communicate()
if err:
logger.warn(f"Error during bw cli invokement: {err}")
return str(out)
@kopf.on.startup() @kopf.on.startup()
def bitwarden_signin(logger, **kwargs): def bitwarden_signin(logger, **kwargs):
if 'BW_HOST' in os.environ: if 'BW_HOST' in os.environ:
output = os.popen(f"bw config server {os.getenv('BW_HOST')}") command_wrapper(logger, f"config server {os.getenv('BW_HOST')}")
else: else:
logger.info(f"BW_HOST not set. Assuming SaaS installation") logger.info(f"BW_HOST not set. Assuming SaaS installation")
command_wrapper("login --apikey") command_wrapper(logger, "login --apikey")
token_output = command_wrapper("unlock --passwordenv BW_PASSWORD") unlock_bw(logger)
for line in token_output:
if "export BW_SESSION" in line:
os.popen(line.replace("$", ""))
@kopf.on.create('bitwarden-secrets.lerentis.uploadfilter24.eu') @kopf.on.create('bitwarden-secrets.lerentis.uploadfilter24.eu')
def create_fn(spec, name, namespace, logger, **kwargs): def create_fn(spec, name, namespace, logger, **kwargs):
@ -32,7 +40,11 @@ def create_fn(spec, name, namespace, logger, **kwargs):
secret_name = spec.get('name') secret_name = spec.get('name')
secret_namespace = spec.get('namespace') secret_namespace = spec.get('namespace')
secret_json_object = json.loads(get_secret_from_bitwarden(id)) unlock_bw(logger)
secret_json_string = get_secret_from_bitwarden(logger, id)
secret_json_object = json.loads(secret_json_string)
api = kubernetes.client.CoreV1Api() api = kubernetes.client.CoreV1Api()
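Review bot: The new `command_wrapper` runs `f"bw {command}"` through `shell=True`, and `get_secret_from_bitwarden` interpolates `id` into that string, so shell metacharacters in `id` would be interpreted by a shell whose environment holds `BW_PASSWORD` and `BW_SESSION`. `id` appears to come from the custom resource spec (its assignment is outside the hunk), which would make it input from anyone allowed to create the resource. Passing an argument list with no shell avoids this: `sp = subprocess.Popen(["bw", *shlex.split(command)], stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=system_env)`, or have the callers pass the list themselves so `id` stays a single argument. Separately, `return str(out)` on the bytes from `communicate()` returns the `b'...'` repr rather than the text, which is probably why `json.loads` fails; `return out.decode()` returns the JSON itself. `sp.returncode` is never checked either, so a failed `bw` call only shows up as a warning and `unlock_bw` then indexes into whatever came back.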