From c2116c24ec5fbe10c6715576f2e8b56ae07ae3d1 Mon Sep 17 00:00:00 2001
From: Thibault Cohen <47721+titilambert@users.noreply.github.com>
Date: Wed, 18 Jan 2023 21:12:13 -0500
Subject: [PATCH 1/4] Handle secret name/namespace edition

---
 src/kv.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/kv.py b/src/kv.py
index 1de6c9a..409b929 100644
--- a/src/kv.py
+++ b/src/kv.py
@@ -64,9 +64,20 @@ def update_managed_secret(spec, status, name, namespace, logger, body, **kwargs)
     content_def = body['spec']['content']
     id = spec.get('id')
+    old_config = json.loads(body.metadata.annotations['kopf.zalando.org/last-handled-configuration'])
+    old_secret_name = old_config['spec'].get('name')
+    old_secret_namespace = old_config['spec'].get('namespace')
     secret_name = spec.get('name')
     secret_namespace = spec.get('namespace')
+    if old_secret_name != secret_name or old_secret_namespace != secret_namespace:
+        # If the name of the secret or the namespace of the secret is different
+        # We have to delete the secret an recreate it
+        logger.info("Secret name or namespace changed, let's recreate it")
+        delete_managed_secret(old_config['spec'], name, namespace, logger, **kwargs)
+        create_managed_secret(spec, name, namespace, logger, body, **kwargs)
+        return
     unlock_bw(logger)
     logger.info(f"Locking up secret with ID: {id}")
     secret_json_object = json.loads(get_secret_from_bitwarden(id))
From 41d4959422269f0b550c23afb33b1e8c1ab0ea66 Mon Sep 17 00:00:00 2001
From: Thibault Cohen <47721+titilambert@users.noreply.github.com>
Date: Thu, 19 Jan 2023 20:17:53 -0500
Subject: [PATCH 2/4] Raise error when fields is not present or empty

---
 src/kv.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/kv.py b/src/kv.py
index 409b929..c5d3e0c 100644
--- a/src/kv.py
+++ b/src/kv.py
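Review bot: The rename path deletes the old secret before the new one exists, so if `create_managed_secret` raises (a failed Bitwarden lookup, or the "has no value" error added later in this series) the cluster is left with no secret at all until a retry succeeds; swapping the two calls so that `create_managed_secret(spec, name, namespace, logger, body, **kwargs)` runs first and `delete_managed_secret(old_config['spec'], name, namespace, logger, **kwargs)` only after it returns closes that gap. Because the annotation read at the top of the hunk is presumably only rewritten by kopf after the handler completes, a retried handler will call `delete_managed_secret` again for a secret that is already gone, so that function must tolerate a missing secret — it is outside the hunk, so this is worth confirming. The comment typo `an recreate` should read `and recreate`. update_managed_secret continues outside the hunk.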
@@ -19,11 +19,17 @@ def create_kv(secret, secret_json, content_def):
             if key == "secretScope":
                 _secret_scope = value
         if _secret_scope == "login":
+            value = parse_login_scope(secret_json, _secret_key)
+            if value is None:
+                raise Exception(f"Field {_secret_key} has no value in bitwarden secret")
             secret.data[_secret_ref] = str(base64.b64encode(
-                parse_login_scope(secret_json, _secret_key).encode("utf-8")), "utf-8")
+                value.encode("utf-8")), "utf-8")
         if _secret_scope == "fields":
+            value = parse_fields_scope(secret_json, _secret_key)
+            if value is None:
+                raise Exception(f"Field {_secret_key} has no value in bitwarden secret")
             secret.data[_secret_ref] = str(base64.b64encode(
-                parse_fields_scope(secret_json, _secret_key).encode("utf-8")), "utf-8")
+                value.encode("utf-8")), "utf-8")
     return secret
From 48bc42297443d06d1afb61c06bd8df7d94643fcc Mon Sep 17 00:00:00 2001
From: Thibault Cohen <47721+titilambert@users.noreply.github.com>
Date: Thu, 19 Jan 2023 20:43:25 -0500
Subject: [PATCH 3/4] Fix new secret

---
 src/kv.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/kv.py b/src/kv.py
index c5d3e0c..5428a55 100644
--- a/src/kv.py
+++ b/src/kv.py
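Review bot: Both new branches raise a bare `Exception`, which gives callers nothing to catch selectively and, under kopf, is treated as a temporary failure and retried with back-off even though a field that is absent from the Bitwarden item will not appear on retry; a dedicated exception class, or `kopf.PermanentError` if kopf is imported in this module (not visible in the hunk), would make the failure explicit and stop the retry loop. The message names only the field and not its value, which is the right choice in a secrets handler. The check-and-encode sequence is now duplicated across the two scopes; a helper such as `_b64(value)` returning `str(base64.b64encode(value.encode("utf-8")), "utf-8")` would reduce each branch to the lookup, the None check and one assignment. The loop enclosing these lines starts outside the hunk.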
@@ -70,13 +70,17 @@ def update_managed_secret(spec, status, name, namespace, logger, body, **kwargs)
     content_def = body['spec']['content']
     id = spec.get('id')
-    old_config = json.loads(body.metadata.annotations['kopf.zalando.org/last-handled-configuration'])
-    old_secret_name = old_config['spec'].get('name')
-    old_secret_namespace = old_config['spec'].get('namespace')
+    old_config = None
+    old_secret_name = None
+    old_secret_namespace = None
+    if 'kopf.zalando.org/last-handled-configuration' in body.metadata.annotations:
+        old_config = json.loads(body.metadata.annotations['kopf.zalando.org/last-handled-configuration'])
+        old_secret_name = old_config['spec'].get('name')
+        old_secret_namespace = old_config['spec'].get('namespace')
     secret_name = spec.get('name')
     secret_namespace = spec.get('namespace')
-    if old_secret_name != secret_name or old_secret_namespace != secret_namespace:
+    if old_config is not None and (old_secret_name != secret_name or old_secret_namespace != secret_namespace):
         # If the name of the secret or the namespace of the secret is different
         # We have to delete the secret an recreate it
         logger.info("Secret name or namespace changed, let's recreate it")
From f4d05fdd0f5c602bde1e3821128ba72e84605b18 Mon Sep 17 00:00:00 2001
From: Thibault Cohen <47721+titilambert@users.noreply.github.com>
Date: Thu, 19 Jan 2023 20:57:06 -0500
Subject: [PATCH 4/4] Improve stability when there is no fields

---
 src/utils/utils.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/utils/utils.py b/src/utils/utils.py
index dd65b55..3d4a69c 100644
--- a/src/utils/utils.py
+++ b/src/utils/utils.py
@@ -31,6 +31,8 @@ def parse_login_scope(secret_json, key):
     return secret_json["login"][key]
 def parse_fields_scope(secret_json, key):
+    if "fields" not in secret_json:
+        return None
     for entry in secret_json["fields"]:
         if entry['name'] == key:
             return entry['value']
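Review bot: The previous spec is reconstructed by parsing kopf's internal `kopf.zalando.org/last-handled-configuration` annotation, but kopf hands update handlers the previous object directly as the `old` keyword argument (alongside `new` and `diff`), and this handler's `**kwargs` already receives it; `old_spec = (kwargs.get('old') or {}).get('spec')` would replace the three-variable initialisation and both annotation lookups, and would keep working if the diff-base storage is ever configured away from that annotation. The `old_config is not None and (...)` guard correctly avoids a delete-and-recreate on the first update, but `old_config['spec']` still raises KeyError if the stored configuration has no `spec` key, so `old_config.get('spec', {})` would be the safer read. update_managed_secret continues outside the hunk.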
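Review bot: The new guard only covers a missing `fields` key; if the key is present with a `null` value, as JSON exports can produce, the `for` on the next line still fails with a TypeError, and `if not secret_json.get("fields"): return None` would cover absent, null and empty in one check. The loop's fall-through when no entry matches already yields None implicitly, which is what create_kv now tests for, but an explicit `return None` after the loop would make that contract visible; the end of parse_fields_scope is outside the hunk. The sibling `parse_login_scope`, whose last line is context here, raises KeyError for a missing key instead of returning None, so create_kv's new `value is None` check never fires for login-scope fields; `return secret_json.get("login", {}).get(key)` would make the two parsers behave consistently.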