Updated CRDs and added custom secret type to templates

charts/bitwarden-crd-operator/Chart.yaml

@@ -37,12 +37,12 @@ annotations:
       displayName: Bitwarden Secret
       description: Management Object to create secrets from bitwarden
     - kind: RegistryCredential
-      version: v1beta6
+      version: v1beta7
       name: registry-credential
       displayName: Regestry Credentials
       description: Management Object to create regestry secrets from bitwarden
     - kind: BitwardenTemplate
-      version: v1beta6
+      version: v1beta7
       name: bitwarden-template
       displayName: Bitwarden Template
       description: Management Object to create secrets from a jinja template with a bitwarden lookup
@@ -67,7 +67,7 @@ annotations:
           key: value
         annotations:
           key: value
-    - apiVersion: lerentis.uploadfilter24.eu/v1beta6
+    - apiVersion: lerentis.uploadfilter24.eu/v1beta7
       kind: RegistryCredential
       metadata:
         name: test
@@ -82,13 +82,14 @@ annotations:
           key: value
         annotations:
           key: value
-    - apiVersion: "lerentis.uploadfilter24.eu/v1beta6"
+    - apiVersion: "lerentis.uploadfilter24.eu/v1beta7"
       kind: BitwardenTemplate
       metadata:
         name: test
       spec:
         filename: "config.yaml"
         name: "test-regcred"
+        secretType: Obaque #Optional
         namespace: "default"
         labels:
           key: value
@@ -110,22 +111,10 @@ annotations:
   artifacthub.io/changes: |
     - kind: added
       description: "Allow custom type for generated secrets"
-    - kind: changed
-      description: "Update python to 3.11.9-r0"
-    - kind: changed
-      description: "Update Node to 20.12.1-r0"
-    - kind: changed
-      description: "Update libcrypto3 to 3.1.4-r5"
-    - kind: changed
-      description: "Update alpine to 3.19.1"
-    - kind: changed
-      description: "Update kopf to 1.37.2"
-    - kind: changed
-      description: "Update jinja to 3.1.4"
     - kind: added
-      description: "Allow custom annotations to generated secrets"
+      description: "Allow attachments in generated secrets"
     - kind: added
-      description: "Set ownership of generated secrets if CRD is in the same namespace"
+      description: "Allow custom type in templated secrets"
   artifacthub.io/images: |
     - name: bitwarden-crd-operator
       image: ghcr.io/lerentis/bitwarden-crd-operator:0.12.0

charts/bitwarden-crd-operator/crds/bitwarden-templates.yaml

@@ -66,7 +66,8 @@ spec:
                 - name
     - name: v1beta6
       served: true
-      storage: true
+      storage: false
+      deprecated: true
       schema:
         openAPIV3Schema:
           type: object
@@ -93,3 +94,34 @@ spec:
                 - template
                 - namespace
                 - name
+    - name: v1beta7
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                filename:
+                  type: string
+                template:
+                  type: string
+                namespace:
+                  type: string
+                name:
+                  type: string
+                secretType: 
+                  type: string
+                labels:
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+                annotations:
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+              required:
+                - filename
+                - template
+                - namespace
+                - name

charts/bitwarden-crd-operator/crds/registry-credentials.yaml

@@ -77,6 +77,42 @@ spec:
                 - passwordRef
                 - registry
     - name: v1beta6
+      served: true
+      storage: false
+      deprecated: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                usernameRef:
+                  type: string
+                passwordRef:
+                  type: string
+                registry:
+                  type: string
+                id:
+                  type: string
+                namespace:
+                  type: string
+                name:
+                  type: string
+                labels:
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+                annotations:
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+              required:
+                - id
+                - namespace
+                - name
+                - usernameRef
+                - passwordRef
+                - registry
+    - name: v1beta7
       served: true
       storage: true
       schema:

src/template.py

@@ -17,7 +17,6 @@ def render_template(logger, template):
 
 
 def create_template_secret(logger, secret, filename, template):
-    secret.type = "Opaque"
     secret.data = {}
     secret.data[filename] = str(
         base64.b64encode(
@@ -35,6 +34,7 @@ def create_managed_secret(spec, name, namespace, logger, body, **kwargs):
     secret_namespace = spec.get('namespace')
     labels = spec.get('labels')
     custom_annotations = spec.get('annotations')
+    custom_secret_type = spec.get('secretType')
 
     unlock_bw(logger)
 
@@ -48,12 +48,16 @@ def create_managed_secret(spec, name, namespace, logger, body, **kwargs):
     if custom_annotations:
         annotations.update(custom_annotations)
 
+    if not custom_secret_type:
+        custom_secret_type = 'Opaque'
+
     if not labels:
         labels = {}
 
     secret = kubernetes.client.V1Secret()
     secret.metadata = kubernetes.client.V1ObjectMeta(
         name=secret_name, annotations=annotations, labels=labels)
+    secret.type = custom_secret_type
     secret = create_template_secret(logger, secret, filename, template)
 
     # Garbage collection will delete the generated secret if the owner
@@ -85,20 +89,26 @@ def update_managed_secret(
     secret_namespace = spec.get('namespace')
     labels = spec.get('labels')
     custom_annotations = spec.get('annotations')
+    custom_secret_type = spec.get('secretType')
+
+    if not custom_secret_type:
+        custom_secret_type = 'Opaque'
 
     old_config = None
     old_secret_name = None
     old_secret_namespace = None
+    old_secret_type = None
     if 'kopf.zalando.org/last-handled-configuration' in body.metadata.annotations:
         old_config = json.loads(
             body.metadata.annotations['kopf.zalando.org/last-handled-configuration'])
         old_secret_name = old_config['spec'].get('name')
         old_secret_namespace = old_config['spec'].get('namespace')
+        old_secret_type = old_config['spec'].get('type')
     secret_name = spec.get('name')
     secret_namespace = spec.get('namespace')
 
     if old_config is not None and (
-            old_secret_name != secret_name or old_secret_namespace != secret_namespace):
+            old_secret_name != secret_name or old_secret_namespace != secret_namespace or old_secret_type != custom_secret_type):
         # If the name of the secret or the namespace of the secret is different
         # We have to delete the secret an recreate it
         logger.info("Secret name or namespace changed, let's recreate it")
@@ -129,6 +139,7 @@ def update_managed_secret(
     secret = kubernetes.client.V1Secret()
     secret.metadata = kubernetes.client.V1ObjectMeta(
         name=secret_name, annotations=annotations, labels=labels)
+    secret.type = custom_secret_type
     secret = create_template_secret(logger, secret, filename, template)
 
     # Garbage collection will delete the generated secret if the owner