work in progress to support raw template types

Tobias Trabelsi 2022-11-26 13:49:57 +01:00
parent 058e9b918f
commit d8bee2e029
Signed by: lerentis
GPG Key ID: FF0C2839718CAF2E
14 changed files with 84 additions and 27 deletions


@ -4,9 +4,14 @@
Bitwarden CRD Operator is a kubernetes Operator based on [kopf](https://github.com/nolar/kopf/). The goal is to create kubernetes native secret objects from bitwarden.
<p align="center">
<img src="logo.png" alt="Bitwarden CRD Operator Logo" width="200"/>
</p>
> DISCLAIMER:
> This project is still very work in progress :)
## Getting started
You will need a `ClientID` and `ClientSecret` ([where to get these](https://bitwarden.com/help/personal-api-key/)) as well as your password.


@ -4,9 +4,9 @@ description: Deploy the Bitwarden CRD Operator
type: application
version: "v0.3.2"
version: "v0.4.0"
appVersion: "0.3.0"
appVersion: "0.4.0"
keywords:
- operator
@ -69,10 +69,10 @@ annotations:
artifacthub.io/license: MIT
artifacthub.io/operator: "true"
artifacthub.io/changes: |
- kind: changed
description: "Switched to Alpine image"
- kind: added
description: "Added CRDs Example to artifactshub"
description: "Added Template CRD"
- kind: added
description: "Added logo"
artifacthub.io/images: |
- name: bitwarden-crd-operator
image: lerentis/bitwarden-crd-operator:0.3.0


@ -0,0 +1,34 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: bitwarden-templates.lerentis.uploadfilter24.eu
spec:
scope: Namespaced
group: lerentis.uploadfilter24.eu
names:
kind: BitwardenTemplate
plural: bitwarden-templates
singular: bitwarden-template
shortNames:
- bwt
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
template:
type: string
namespace:
type: string
name:
type: string
required:
- template
- namespace
- name
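Review bot: `spec.namespace` on a Namespaced CRD lets whoever creates a BitwardenTemplate in one namespace name a different namespace as the target, and the operator's role in this chart also carries a rule on core `secrets`. The handler is not part of this commit, so this is inferred, but if it writes the rendered Secret to `spec.namespace`, then create rights on `bitwarden-templates` in any one namespace become write access to Secrets in others. Consider dropping `namespace` from the schema and using the resource's own `metadata.namespace`, or checking the requested namespace against an allow-list in the handler.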


@ -4,7 +4,7 @@ metadata:
name: {{ include "bitwarden-crd-operator.serviceAccountName" . }}-role
rules:
- apiGroups: ["lerentis.uploadfilter24.eu"]
resources: ["bitwarden-secrets", "registry-credentials"]
resources: ["bitwarden-secrets", "registry-credentials", "bitwarden-templates"]
verbs: ["get", "watch", "list", "create", "delete", "patch", "update"]
- apiGroups: [""]
resources: ["secrets"]
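Review bot: Adding `bitwarden-templates` to this rule gives the operator `create`, `delete` and `update` on the new resource as well as the read verbs, because the `verbs` line is shared. Nothing on this page shows the operator creating or deleting its own custom resources, and kopf generally needs only `get`, `list`, `watch` and `patch` on the resources it handles. If that holds here, narrow the line to `verbs: ["get", "watch", "list", "patch"]` for the custom resources. The rule on `secrets` continues outside the hunk.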

BIN
logo.png Normal file

Binary file not shown.



@ -1,2 +1,3 @@
kopf==1.35.6
kubernetes==25.3.0
Jinja2==3.1.2


@ -1,26 +1,8 @@
#!/usr/bin/env python3
import kopf
import os
import subprocess
def get_secret_from_bitwarden(logger, id):
logger.info(f"Locking up secret with ID: {id}")
return command_wrapper(logger, f"get item {id}")
def unlock_bw(logger):
token_output = command_wrapper(logger, "unlock --passwordenv BW_PASSWORD")
tokens = token_output.split('"')[1::2]
os.environ["BW_SESSION"] = tokens[1]
logger.info("Signin successful. Session exported")
def command_wrapper(logger, command):
system_env = dict(os.environ)
sp = subprocess.Popen([f"bw {command}"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, shell=True, env=system_env)
out, err = sp.communicate()
if err:
logger.warn(f"Error during bw cli invokement: {err}")
return out.decode(encoding='UTF-8')
from utils.utils import command_wrapper, unlock_bw
@kopf.on.startup()
def bitwarden_signin(logger, **kwargs):


@ -3,7 +3,7 @@ import kubernetes
import base64
import json
from bitwardenCrdOperator import unlock_bw, get_secret_from_bitwarden
from utils.utils import unlock_bw, get_secret_from_bitwarden
def create_dockerlogin(logger, secret, secret_json, username_ref, password_ref, registry):
secret.type = "dockerconfigjson"

0
src/filters/__init__.py Normal file


@ -0,0 +1,8 @@
from utils.utils import get_secret_from_bitwarden
def datetime_format(value, format="%H:%M %d-%m-%y"):
return value.strftime(format)
def bitwarden_lookup(value, id, field):
pass
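Review bot: `bitwarden_lookup` returns `None` from the bare `pass`, and Jinja2 renders `None` as the text "None", so a template that uses the filter would yield a value instead of failing. Until the lookup is implemented, `raise NotImplementedError("bitwarden filter is not implemented yet")` makes that visible. Once it is implemented, `id` and `field` will come from template text, and `get_secret_from_bitwarden` places the id into a shell command line, so the id should be validated before it is passed on. The parameters `id` and `format` also shadow builtins; `item_id` and `fmt` would avoid that, though renaming `format` changes the keyword a template can pass to `datetime_format`.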


@ -3,7 +3,7 @@ import kubernetes
import base64
import json
from bitwardenCrdOperator import unlock_bw, get_secret_from_bitwarden
from utils.utils import unlock_bw, get_secret_from_bitwarden
def create_kv(secret, secret_json, content_def):
secret.type = "Opaque"

7
src/template.py Normal file

@ -0,0 +1,7 @@
import kopf
from filters.bitwarden_filter import bitwarden_lookup
from jinja2 import Environment
Environment.filters["bitwarden"] = bitwarden_lookup
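Review bot: `Environment.filters["bitwarden"] = bitwarden_lookup` assigns on the class, but jinja2 builds `filters` per instance in `Environment.__init__`, so this line likely raises `AttributeError` at import. Register the filter on an instance instead, and because the template text arrives through `spec.template` of a custom resource, make that instance a sandboxed one: `from jinja2.sandbox import SandboxedEnvironment`, `env = SandboxedEnvironment()`, `env.filters["bitwarden"] = bitwarden_lookup`. A plain `Environment` lets template text reach Python object attributes during rendering, which is more than a secret template needs. `kopf` is imported but not yet used in this file.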

0
src/utils/__init__.py Normal file

20
src/utils/utils.py Normal file

@ -0,0 +1,20 @@
import os
import subprocess
def get_secret_from_bitwarden(logger, id):
logger.info(f"Locking up secret with ID: {id}")
return command_wrapper(logger, f"get item {id}")
def unlock_bw(logger):
token_output = command_wrapper(logger, "unlock --passwordenv BW_PASSWORD")
tokens = token_output.split('"')[1::2]
os.environ["BW_SESSION"] = tokens[1]
logger.info("Signin successful. Session exported")
def command_wrapper(logger, command):
system_env = dict(os.environ)
sp = subprocess.Popen([f"bw {command}"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, shell=True, env=system_env)
out, err = sp.communicate()
if err:
logger.warn(f"Error during bw cli invokement: {err}")
return out.decode(encoding='UTF-8')
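Review bot: `command_wrapper` builds the single string `bw {command}` and runs it with `shell=True`, and `get_secret_from_bitwarden` puts `id` into that string unquoted. With the template filter added in this commit the id can originate from a custom resource, so any shell metacharacters in it would be interpreted by the shell. Pass an argument list and drop the shell: `subprocess.Popen(["bw", *command], stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, env=system_env)`, with callers using `command_wrapper(logger, ["get", "item", id])` and `command_wrapper(logger, ["unlock", "--passwordenv", "BW_PASSWORD"])`; an id that starts with `-` should still be rejected so it is not read as an option. Separately, `unlock_bw` indexes `tokens[1]` without checking the output, so a failed unlock surfaces as an `IndexError`, and `logger.warn` is deprecated in favour of `logger.warning`.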