WIP: Labels for Secrets
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
FROM alpine:3.18.3
|
||||
FROM alpine:3.18.4
|
||||
|
||||
LABEL org.opencontainers.image.source=https://github.com/Lerentis/bitwarden-crd-operator
|
||||
LABEL org.opencontainers.image.description="Kubernetes Operator to create k8s secrets from bitwarden"
|
||||
@@ -7,7 +7,7 @@ LABEL org.opencontainers.image.licenses=MIT
|
||||
ARG PYTHON_VERSION=3.11.6-r0
|
||||
ARG PIP_VERSION=23.1.2-r0
|
||||
ARG GCOMPAT_VERSION=1.1.0-r1
|
||||
ARG LIBCRYPTO_VERSION=3.1.2-r0
|
||||
ARG LIBCRYPTO_VERSION=3.1.3-r0
|
||||
ARG BW_VERSION=2023.1.0
|
||||
|
||||
COPY requirements.txt /requirements.txt
|
||||
|
||||
@@ -14,7 +14,7 @@ spec:
|
||||
- bws
|
||||
versions:
|
||||
- name: v1beta4
|
||||
served: true
|
||||
served: false
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
@@ -49,3 +49,55 @@ spec:
|
||||
- id
|
||||
- namespace
|
||||
- name
|
||||
- name: v1beta5
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
content:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
element:
|
||||
type: object
|
||||
properties:
|
||||
secretName:
|
||||
type: string
|
||||
secretRef:
|
||||
type: string
|
||||
secretScope:
|
||||
type: string
|
||||
required:
|
||||
- secretName
|
||||
id:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
labels:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
json:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
foo:
|
||||
type: string
|
||||
bar:
|
||||
type: string
|
||||
required:
|
||||
- id
|
||||
- namespace
|
||||
- name
|
||||
|
||||
@@ -14,7 +14,7 @@ spec:
|
||||
- bwt
|
||||
versions:
|
||||
- name: v1beta4
|
||||
served: true
|
||||
served: false
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
@@ -36,3 +36,42 @@ spec:
|
||||
- template
|
||||
- namespace
|
||||
- name
|
||||
- name: v1beta5
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
filename:
|
||||
type: string
|
||||
template:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
labels:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
json:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
foo:
|
||||
type: string
|
||||
bar:
|
||||
type: string
|
||||
required:
|
||||
- filename
|
||||
- template
|
||||
- namespace
|
||||
- name
|
||||
|
||||
@@ -14,7 +14,7 @@ spec:
|
||||
- rgc
|
||||
versions:
|
||||
- name: v1beta4
|
||||
served: true
|
||||
served: false
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
@@ -42,3 +42,48 @@ spec:
|
||||
- usernameRef
|
||||
- passwordRef
|
||||
- registry
|
||||
- name: v1beta5
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
usernameRef:
|
||||
type: string
|
||||
passwordRef:
|
||||
type: string
|
||||
registry:
|
||||
type: string
|
||||
id:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
labels:
|
||||
type: array
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
json:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
foo:
|
||||
type: string
|
||||
bar:
|
||||
type: string
|
||||
required:
|
||||
- id
|
||||
- namespace
|
||||
- name
|
||||
- usernameRef
|
||||
- passwordRef
|
||||
- registry
|
||||
|
||||
10
example.yaml
10
example.yaml
@@ -1,5 +1,5 @@
|
||||
---
|
||||
apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
|
||||
apiVersion: "lerentis.uploadfilter24.eu/v1beta5"
|
||||
kind: BitwardenSecret
|
||||
metadata:
|
||||
name: test
|
||||
@@ -16,8 +16,10 @@ spec:
|
||||
id: "88781348-c81c-4367-9801-550360c21295"
|
||||
name: "test-secret"
|
||||
namespace: "default"
|
||||
labels:
|
||||
- key: value
|
||||
---
|
||||
apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
|
||||
apiVersion: "lerentis.uploadfilter24.eu/v1beta5"
|
||||
kind: BitwardenSecret
|
||||
metadata:
|
||||
name: test-scope
|
||||
@@ -29,4 +31,6 @@ spec:
|
||||
secretScope: fields
|
||||
id: "466fc4b0-ffca-4444-8d88-b59d4de3d928"
|
||||
name: "test-scope"
|
||||
namespace: "default"
|
||||
namespace: "default"
|
||||
labels:
|
||||
- key: value
|
||||
@@ -44,6 +44,7 @@ def create_managed_registry_secret(spec, name, namespace, logger, **kwargs):
|
||||
id = spec.get('id')
|
||||
secret_name = spec.get('name')
|
||||
secret_namespace = spec.get('namespace')
|
||||
labels = spec.get('labels')
|
||||
|
||||
unlock_bw(logger)
|
||||
logger.info(f"Locking up secret with ID: {id}")
|
||||
@@ -55,9 +56,13 @@ def create_managed_registry_secret(spec, name, namespace, logger, **kwargs):
|
||||
"managed": "registry-credential.lerentis.uploadfilter24.eu",
|
||||
"managedObject": f"{namespace}/{name}"
|
||||
}
|
||||
|
||||
if not labels:
|
||||
labels = {}
|
||||
|
||||
secret = kubernetes.client.V1Secret()
|
||||
secret.metadata = kubernetes.client.V1ObjectMeta(
|
||||
name=secret_name, annotations=annotations)
|
||||
name=secret_name, annotations=annotations, labels=labels)
|
||||
secret = create_dockerlogin(
|
||||
logger,
|
||||
secret,
|
||||
@@ -66,7 +71,7 @@ def create_managed_registry_secret(spec, name, namespace, logger, **kwargs):
|
||||
password_ref,
|
||||
registry)
|
||||
|
||||
obj = api.create_namespaced_secret(
|
||||
api.create_namespaced_secret(
|
||||
secret_namespace, secret
|
||||
)
|
||||
|
||||
|
||||
@@ -41,6 +41,7 @@ def create_managed_secret(spec, name, namespace, logger, body, **kwargs):
|
||||
id = spec.get('id')
|
||||
secret_name = spec.get('name')
|
||||
secret_namespace = spec.get('namespace')
|
||||
labels = spec.get('labels')
|
||||
|
||||
unlock_bw(logger)
|
||||
logger.info(f"Locking up secret with ID: {id}")
|
||||
@@ -52,12 +53,16 @@ def create_managed_secret(spec, name, namespace, logger, body, **kwargs):
|
||||
"managed": "bitwarden-secret.lerentis.uploadfilter24.eu",
|
||||
"managedObject": f"{namespace}/{name}"
|
||||
}
|
||||
|
||||
if not labels:
|
||||
labels = {}
|
||||
|
||||
secret = kubernetes.client.V1Secret()
|
||||
secret.metadata = kubernetes.client.V1ObjectMeta(
|
||||
name=secret_name, annotations=annotations)
|
||||
name=secret_name, annotations=annotations, labels=labels)
|
||||
secret = create_kv(secret, secret_json_object, content_def)
|
||||
|
||||
obj = api.create_namespaced_secret(
|
||||
api.create_namespaced_secret(
|
||||
namespace="{}".format(secret_namespace),
|
||||
body=secret
|
||||
)
|
||||
|
||||
@@ -33,6 +33,7 @@ def create_managed_secret(spec, name, namespace, logger, body, **kwargs):
|
||||
filename = spec.get('filename')
|
||||
secret_name = spec.get('name')
|
||||
secret_namespace = spec.get('namespace')
|
||||
labels = spec.get('labels')
|
||||
|
||||
unlock_bw(logger)
|
||||
|
||||
@@ -42,9 +43,13 @@ def create_managed_secret(spec, name, namespace, logger, body, **kwargs):
|
||||
"managed": "bitwarden-template.lerentis.uploadfilter24.eu",
|
||||
"managedObject": f"{namespace}/{name}"
|
||||
}
|
||||
|
||||
if not labels:
|
||||
labels = {}
|
||||
|
||||
secret = kubernetes.client.V1Secret()
|
||||
secret.metadata = kubernetes.client.V1ObjectMeta(
|
||||
name=secret_name, annotations=annotations)
|
||||
name=secret_name, annotations=annotations, labels=labels)
|
||||
secret = create_template_secret(logger, secret, filename, template)
|
||||
|
||||
obj = api.create_namespaced_secret(
|
||||
|
||||
Reference in New Issue
Block a user