From 7d6b7b9a1aa604e1f8ae0e85264288b75562ff8f Mon Sep 17 00:00:00 2001 From: lerentis Date: Mon, 3 Oct 2022 14:00:11 +0000 Subject: [PATCH] free-key-value-definition (#1) Reviewed-on: https://git.uploadfilter24.eu/lerentis/bitwarden-crd-operator/pulls/1 --- README.md | 16 +++++++--- bitwarden-crd-operator.py | 32 ++++++++++++++----- .../crds/bitwarden-secrets.yaml | 23 ++++++++++--- example.yaml | 12 +++++-- 4 files changed, 63 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 01f11f0..715e26d 100644 --- a/README.md +++ b/README.md @@ -39,12 +39,18 @@ And you are set to create your first secret using this operator. For that you ne ```yaml --- -apiVersion: "lerentis.uploadfilter24.eu/v1beta1" +apiVersion: "lerentis.uploadfilter24.eu/v1beta2" kind: BitwardenSecret metadata: name: name-of-your-management-object spec: - type: "UsernamePassword" + content: + - element: + secretName: nameOfTheFieldInBitwarden # for example username + secretRef: nameOfTheKeyInTheSecretToBeCreated + - element: + secretName: nameOfAnotherFieldInBitwarden # for example password + secretRef: nameOfAnotherKeyInTheSecretToBeCreated id: "A Secret ID from bitwarden" name: "Name of the secret to be created" namespace: "Namespace of the secret to be created" @@ -55,8 +61,8 @@ The ID can be extracted from the browser when you open a item the ID is in the U ```yaml apiVersion: v1 data: - password: "base64 encoded password" - username: "base64 encoded username" + nameOfTheKeyInTheSecretToBeCreated: "base64 encoded value of TheFieldInBitwarden" + nameOfAnotherKeyInTheSecretToBeCreated: "base64 encoded value of AnotherFieldInBitwarden" kind: Secret metadata: annotations: @@ -73,4 +79,4 @@ type: Opaque [] offer option to use a existing secret in helm chart [] host chart on gh pages [] write release pipeline -[] maybe extend spec to offer modification of keys as well +[x] maybe extend spec to offer modification of keys as well 
diff --git a/bitwarden-crd-operator.py b/bitwarden-crd-operator.py index dd0ff04..f038d42 100755 --- a/bitwarden-crd-operator.py +++ b/bitwarden-crd-operator.py @@ -6,6 +6,8 @@ import os import subprocess import json +from pprint import pprint + def get_secret_from_bitwarden(logger, id): return command_wrapper(logger, f"get item {id}") @@ -33,9 +35,9 @@ def bitwarden_signin(logger, **kwargs): unlock_bw(logger) @kopf.on.create('bitwarden-secrets.lerentis.uploadfilter24.eu') -def create_fn(spec, name, namespace, logger, **kwargs): +def create_managed_secret(spec, name, namespace, logger, body, **kwargs): - type = spec.get('type') + content_def = body['spec']['content'] id = spec.get('id') secret_name = spec.get('name') secret_namespace = spec.get('namespace') @@ -53,10 +55,16 @@ def create_fn(spec, name, namespace, logger, **kwargs): secret = kubernetes.client.V1Secret() secret.metadata = kubernetes.client.V1ObjectMeta(name=secret_name, annotations=annotations) secret.type = "Opaque" - secret.data = { - 'username': str(base64.b64encode(secret_json_object["login"]["username"].encode("utf-8")), "utf-8"), - 'password': str(base64.b64encode(secret_json_object["login"]["password"].encode("utf-8")), "utf-8") - } + secret.data = {} + for eleml in content_def: + for k, elem in eleml.items(): + for key,value in elem.items(): + if key == "secretName": + _secret_key = value + if key == "secretRef": + _secret_ref = value + + secret.data[_secret_ref] = str(base64.b64encode(secret_json_object["login"][_secret_key].encode("utf-8")), "utf-8") obj = api.create_namespaced_secret( secret_namespace, secret 
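Review bot: `from pprint import pprint` is added at the top of the file, but nothing in the hunks of this patch calls it, so it reads as a debugging leftover. The objects in play here are the decrypted Bitwarden item and the Secret being built, and a stray `pprint(...)` of either would write secret values to the pod log. Drop the import unless a call outside these hunks needs it.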
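Review bot: `content_def = body['spec']['content']` raises KeyError when a BitwardenSecret has no `content`, and the CRD schema changed in this patch lists only `id`, `namespace` and `name` as required at the spec level, so the API server will admit such an object. The handler already receives `spec`, so `content_def = spec.get('content') or []` would match the neighbouring `spec.get('id')` lines, followed by `raise kopf.PermanentError("spec.content is missing or empty")` when the list is empty. Alternatively, add `- content` to the spec-level `required` list in the `crds/bitwarden-secrets.yaml` hunk so the object is rejected at admission. The body of create_managed_secret continues outside this hunk.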
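Review bot: `_secret_key` and `_secret_ref` in the new loop are assigned only when the matching key is present, and the CRD marks only `secretName` as required, so an element without `secretRef` either fails on an unbound name (first element) or reuses the previous element's `_secret_ref` and overwrites that key with a different Bitwarden field. The lookup `secret_json_object["login"][_secret_key]` also assumes the field exists and is a string; a missing or non-string login field would fail on `.encode`, which is inferred since the item's shape is not shown here. Reading both keys directly from each `element` and raising a `kopf.PermanentError` that names the field, never its value, avoids both problems. Indentation is lost in this rendering, so the loop level of the `secret.data[...]` assignment cannot be confirmed, and the function continues outside the hunk.

```python
secret.data = {}
login = secret_json_object.get("login") or {}
for entry in content_def:
    element = entry.get("element") or {}
    field = element.get("secretName")
    # Assumption: an omitted secretRef means "use the Bitwarden field name as the key".
    target = element.get("secretRef") or field
    value = login.get(field) if field else None
    if not isinstance(value, str):
        raise kopf.PermanentError(
            f"Bitwarden item {id} has no string login field {field!r}")
    secret.data[target] = base64.b64encode(value.encode("utf-8")).decode("utf-8")
# … unchanged: api.create_namespaced_secret call …
```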
@@ -70,5 +78,13 @@ def my_handler(spec, old, new, diff, **_): pass @kopf.on.delete('bitwarden-secrets.lerentis.uploadfilter24.eu') -def my_handler(spec, name, namespace, logger, **kwargs): - pass \ No newline at end of file +def delete_managed_secret(spec, name, namespace, logger, **kwargs): + secret_name = spec.get('name') + secret_namespace = spec.get('namespace') + api = kubernetes.client.CoreV1Api() + + try: + api.delete_namespaced_secret(secret_name, secret_namespace) + logger.info(f"Secret {secret_namespace}/{secret_name} has been deleted") + except: + logger.warn(f"Could not delete secret {secret_namespace}/{secret_name}!") diff --git a/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml b/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml index cfa1d7c..7460250 100644 --- a/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml +++ b/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml @@ -12,7 +12,7 @@ spec: shortNames: - bws versions: - - name: v1beta1 + - name: v1beta2 served: true storage: true schema: @@ -22,12 +22,27 @@ spec: spec: type: object properties: - type: - type: string + content: + type: array + items: + type: object + properties: + element: + type: object + properties: + secretName: + type: string + secretRef: + type: string + required: + - secretName id: type: string namespace: type: string name: type: string - + required: + - id + - namespace + - name diff --git a/example.yaml b/example.yaml index 5b1e9e8..9d124f3 100644 --- a/example.yaml +++ b/example.yaml @@ -1,10 +1,16 @@ --- -apiVersion: "lerentis.uploadfilter24.eu/v1beta1" +apiVersion: "lerentis.uploadfilter24.eu/v1beta2" kind: BitwardenSecret metadata: name: test spec: - type: "password" - id: "123456" + content: + - element: + secretName: username + secretRef: nameofUser + - element: + secretName: password + secretRef: passwordOfUser + id: "88781348-c81c-4367-9801-550360c21295" name: "test-secret" namespace: "default" \ No newline at end of file
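Review bot: `delete_managed_secret` deletes whatever Secret `spec.name`/`spec.namespace` point at without checking that this operator created it, so anyone allowed to create and delete a BitwardenSecret can have the operator's service account remove an unrelated Secret in another namespace. Reading the Secret first and deleting only when it carries the annotations set in `create_managed_secret` (their keys are outside this patch) would close that gap. Separately, the bare `except:` hides the cause and still lets the handler finish, so a failed delete leaves the Secret behind with only a warning. `except kubernetes.client.exceptions.ApiException as e:` with `e.status` in the message is narrower, and `logger.warn` is the deprecated alias of `logger.warning`.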
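Review bot: Renaming the only entry under `versions` from `v1beta1` to `v1beta2` removes `v1beta1` from the served versions, so BitwardenSecret objects created under the old version have no upgrade path in this patch. On a cluster that already has the CRD, the API server is expected to refuse an update that drops a version still listed in `status.storedVersions`, and Helm does not upgrade files under `crds/`, so the old schema may stay in place while the operator code expects `content`. A short upgrade note in the README (delete and recreate the CRD and its objects, or apply the CRD manually) would make the break explicit.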
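Review bot: The example `id` changes from the dummy `"123456"` to `"88781348-c81c-4367-9801-550360c21295"`, which has the shape of a real vault item id. If it was copied from a live vault, replace it with an obviously fake value such as `"00000000-0000-0000-0000-000000000000"` so the repository does not publish the identifier of a real item.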