From 5806fb6c54c024ec918eac97601880096b5ff1d9 Mon Sep 17 00:00:00 2001 From: Tobias Trabelsi Date: Mon, 3 Oct 2022 15:36:05 +0200 Subject: [PATCH] implemented modification of keys via crd --- README.md | 16 ++++++--- bitwarden-crd-operator.py | 34 +++++++++++-------- .../crds/bitwarden-secrets.yaml | 2 +- example.yaml | 2 +- 4 files changed, 33 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 01f11f0..715e26d 100644 --- a/README.md +++ b/README.md @@ -39,12 +39,18 @@ And you are set to create your first secret using this operator. For that you ne ```yaml --- -apiVersion: "lerentis.uploadfilter24.eu/v1beta1" +apiVersion: "lerentis.uploadfilter24.eu/v1beta2" kind: BitwardenSecret metadata: name: name-of-your-management-object spec: - type: "UsernamePassword" + content: + - element: + secretName: nameOfTheFieldInBitwarden # for example username + secretRef: nameOfTheKeyInTheSecretToBeCreated + - element: + secretName: nameOfAnotherFieldInBitwarden # for example password + secretRef: nameOfAnotherKeyInTheSecretToBeCreated id: "A Secret ID from bitwarden" name: "Name of the secret to be created" namespace: "Namespace of the secret to be created" @@ -55,8 +61,8 @@ The ID can be extracted from the browser when you open a item the ID is in the U ```yaml apiVersion: v1 data: - password: "base64 encoded password" - username: "base64 encoded username" + nameOfTheKeyInTheSecretToBeCreated: "base64 encoded value of TheFieldInBitwarden" + nameOfAnotherKeyInTheSecretToBeCreated: "base64 encoded value of AnotherFieldInBitwarden" kind: Secret metadata: annotations: @@ -73,4 +79,4 @@ type: Opaque [] offer option to use a existing secret in helm chart [] host chart on gh pages [] write release pipeline -[] maybe extend spec to offer modification of keys as well +[x] maybe extend spec to offer modification of keys as well diff --git a/bitwarden-crd-operator.py b/bitwarden-crd-operator.py index 22ee302..f038d42 100755 --- a/bitwarden-crd-operator.py +++ b/bitwarden-crd-operator.py @@ -35,14 +35,9 @@ def bitwarden_signin(logger, **kwargs): unlock_bw(logger) @kopf.on.create('bitwarden-secrets.lerentis.uploadfilter24.eu') -def create_fn(spec, name, namespace, logger, body, **kwargs): - - logger.info(f"Type of spec: {type(body)}") - scope = body['spec']['scope'] - logger.info(f"spec: {scope}") - - +def create_managed_secret(spec, name, namespace, logger, body, **kwargs): + content_def = body['spec']['content'] id = spec.get('id') secret_name = spec.get('name') secret_namespace = spec.get('namespace') @@ -61,12 +56,15 @@ def create_fn(spec, name, namespace, logger, body, **kwargs): secret.metadata = kubernetes.client.V1ObjectMeta(name=secret_name, annotations=annotations) secret.type = "Opaque" secret.data = {} - for elemw in scope: - for k, elem in elemw.items(): + for eleml in content_def: + for k, elem in eleml.items(): for key,value in elem.items(): - logger.info(f"key: {key} value: {value}") - secret.data["username"] = str(base64.b64encode(secret_json_object["login"]["username"].encode("utf-8")), "utf-8") - secret.data["password"] = str(base64.b64encode(secret_json_object["login"]["password"].encode("utf-8")), "utf-8") + if key == "secretName": + _secret_key = value + if key == "secretRef": + _secret_ref = value + + secret.data[_secret_ref] = str(base64.b64encode(secret_json_object["login"][_secret_key].encode("utf-8")), "utf-8") obj = api.create_namespaced_secret( secret_namespace, secret @@ -80,5 +78,13 @@ def my_handler(spec, old, new, diff, **_): pass @kopf.on.delete('bitwarden-secrets.lerentis.uploadfilter24.eu') -def my_handler(spec, name, namespace, logger, **kwargs): - pass \ No newline at end of file +def delete_managed_secret(spec, name, namespace, logger, **kwargs): + secret_name = spec.get('name') + secret_namespace = spec.get('namespace') + api = kubernetes.client.CoreV1Api() + + try: + api.delete_namespaced_secret(secret_name, secret_namespace) + logger.info(f"Secret {secret_namespace}/{secret_name} has been deleted") + except: + logger.warn(f"Could not delete secret {secret_namespace}/{secret_name}!") diff --git a/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml b/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml index 108efec..7460250 100644 --- a/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml +++ b/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml @@ -22,7 +22,7 @@ spec: spec: type: object properties: - scope: + content: type: array items: type: object diff --git a/example.yaml b/example.yaml index 784bf0c..9d124f3 100644 --- a/example.yaml +++ b/example.yaml @@ -4,7 +4,7 @@ kind: BitwardenSecret metadata: name: test spec: - scope: + content: - element: secretName: username secretRef: nameofUser