work in progress to support raw template types
This commit is contained in:
parent
058e9b918f
commit
d8bee2e029
@ -4,9 +4,14 @@
|
|||||||
|
|
||||||
Bitwarden CRD Operator is a kubernetes Operator based on [kopf](https://github.com/nolar/kopf/). The goal is to create kubernetes native secret objects from bitwarden.
|
Bitwarden CRD Operator is a kubernetes Operator based on [kopf](https://github.com/nolar/kopf/). The goal is to create kubernetes native secret objects from bitwarden.
|
||||||
|
|
||||||
|
<p align="center">
|
||||||
|
<img src="logo.png" alt="Bitwarden CRD Operator Logo" width="200"/>
|
||||||
|
</p>
|
||||||
|
|
||||||
> DISCLAIMER:
|
> DISCLAIMER:
|
||||||
> This project is still very work in progress :)
|
> This project is still very work in progress :)
|
||||||
|
|
||||||
|
|
||||||
## Getting started
|
## Getting started
|
||||||
|
|
||||||
You will need a `ClientID` and `ClientSecret` ([where to get these](https://bitwarden.com/help/personal-api-key/)) as well as your password.
|
You will need a `ClientID` and `ClientSecret` ([where to get these](https://bitwarden.com/help/personal-api-key/)) as well as your password.
|
||||||
|
@ -4,9 +4,9 @@ description: Deploy the Bitwarden CRD Operator
|
|||||||
|
|
||||||
type: application
|
type: application
|
||||||
|
|
||||||
version: "v0.3.2"
|
version: "v0.4.0"
|
||||||
|
|
||||||
appVersion: "0.3.0"
|
appVersion: "0.4.0"
|
||||||
|
|
||||||
keywords:
|
keywords:
|
||||||
- operator
|
- operator
|
||||||
@ -69,10 +69,10 @@ annotations:
|
|||||||
artifacthub.io/license: MIT
|
artifacthub.io/license: MIT
|
||||||
artifacthub.io/operator: "true"
|
artifacthub.io/operator: "true"
|
||||||
artifacthub.io/changes: |
|
artifacthub.io/changes: |
|
||||||
- kind: changed
|
|
||||||
description: "Switched to Alpine image"
|
|
||||||
- kind: added
|
- kind: added
|
||||||
description: "Added CRDs Example to artifactshub"
|
description: "Added Template CRD"
|
||||||
|
- kind: added
|
||||||
|
description: "Added logo"
|
||||||
artifacthub.io/images: |
|
artifacthub.io/images: |
|
||||||
- name: bitwarden-crd-operator
|
- name: bitwarden-crd-operator
|
||||||
image: lerentis/bitwarden-crd-operator:0.3.0
|
image: lerentis/bitwarden-crd-operator:0.3.0
|
||||||
|
34
charts/bitwarden-crd-operator/crds/template.yaml
Normal file
34
charts/bitwarden-crd-operator/crds/template.yaml
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: bitwarden-templates.lerentis.uploadfilter24.eu
|
||||||
|
spec:
|
||||||
|
scope: Namespaced
|
||||||
|
group: lerentis.uploadfilter24.eu
|
||||||
|
names:
|
||||||
|
kind: BitwardenTemplate
|
||||||
|
plural: bitwarden-templates
|
||||||
|
singular: bitwarden-template
|
||||||
|
shortNames:
|
||||||
|
- bwt
|
||||||
|
versions:
|
||||||
|
- name: v1beta1
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
spec:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
template:
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- template
|
||||||
|
- namespace
|
||||||
|
- name
|
@ -4,7 +4,7 @@ metadata:
|
|||||||
name: {{ include "bitwarden-crd-operator.serviceAccountName" . }}-role
|
name: {{ include "bitwarden-crd-operator.serviceAccountName" . }}-role
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["lerentis.uploadfilter24.eu"]
|
- apiGroups: ["lerentis.uploadfilter24.eu"]
|
||||||
resources: ["bitwarden-secrets", "registry-credentials"]
|
resources: ["bitwarden-secrets", "registry-credentials", "bitwarden-templates"]
|
||||||
verbs: ["get", "watch", "list", "create", "delete", "patch", "update"]
|
verbs: ["get", "watch", "list", "create", "delete", "patch", "update"]
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["secrets"]
|
resources: ["secrets"]
|
||||||
|
@ -1,2 +1,3 @@
|
|||||||
kopf==1.35.6
|
kopf==1.35.6
|
||||||
kubernetes==25.3.0
|
kubernetes==25.3.0
|
||||||
|
Jinja2==3.1.2
|
||||||
|
@ -1,26 +1,8 @@
|
|||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
import kopf
|
import kopf
|
||||||
import os
|
import os
|
||||||
import subprocess
|
|
||||||
|
|
||||||
def get_secret_from_bitwarden(logger, id):
|
|
||||||
logger.info(f"Locking up secret with ID: {id}")
|
|
||||||
return command_wrapper(logger, f"get item {id}")
|
|
||||||
|
|
||||||
def unlock_bw(logger):
|
|
||||||
token_output = command_wrapper(logger, "unlock --passwordenv BW_PASSWORD")
|
|
||||||
tokens = token_output.split('"')[1::2]
|
|
||||||
os.environ["BW_SESSION"] = tokens[1]
|
|
||||||
logger.info("Signin successful. Session exported")
|
|
||||||
|
|
||||||
def command_wrapper(logger, command):
|
|
||||||
system_env = dict(os.environ)
|
|
||||||
sp = subprocess.Popen([f"bw {command}"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, shell=True, env=system_env)
|
|
||||||
out, err = sp.communicate()
|
|
||||||
if err:
|
|
||||||
logger.warn(f"Error during bw cli invokement: {err}")
|
|
||||||
return out.decode(encoding='UTF-8')
|
|
||||||
|
|
||||||
|
from utils.utils import command_wrapper, unlock_bw
|
||||||
|
|
||||||
@kopf.on.startup()
|
@kopf.on.startup()
|
||||||
def bitwarden_signin(logger, **kwargs):
|
def bitwarden_signin(logger, **kwargs):
|
||||||
|
@ -3,7 +3,7 @@ import kubernetes
|
|||||||
import base64
|
import base64
|
||||||
import json
|
import json
|
||||||
|
|
||||||
from bitwardenCrdOperator import unlock_bw, get_secret_from_bitwarden
|
from utils.utils import unlock_bw, get_secret_from_bitwarden
|
||||||
|
|
||||||
def create_dockerlogin(logger, secret, secret_json, username_ref, password_ref, registry):
|
def create_dockerlogin(logger, secret, secret_json, username_ref, password_ref, registry):
|
||||||
secret.type = "dockerconfigjson"
|
secret.type = "dockerconfigjson"
|
||||||
|
0
src/filters/__init__.py
Normal file
0
src/filters/__init__.py
Normal file
8
src/filters/bitwarden_filter.py
Normal file
8
src/filters/bitwarden_filter.py
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
from utils.utils import get_secret_from_bitwarden
|
||||||
|
|
||||||
|
|
||||||
|
def datetime_format(value, format="%H:%M %d-%m-%y"):
|
||||||
|
return value.strftime(format)
|
||||||
|
|
||||||
|
def bitwarden_lookup(value, id, field):
|
||||||
|
pass
|
@ -3,7 +3,7 @@ import kubernetes
|
|||||||
import base64
|
import base64
|
||||||
import json
|
import json
|
||||||
|
|
||||||
from bitwardenCrdOperator import unlock_bw, get_secret_from_bitwarden
|
from utils.utils import unlock_bw, get_secret_from_bitwarden
|
||||||
|
|
||||||
def create_kv(secret, secret_json, content_def):
|
def create_kv(secret, secret_json, content_def):
|
||||||
secret.type = "Opaque"
|
secret.type = "Opaque"
|
||||||
|
7
src/template.py
Normal file
7
src/template.py
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
import kopf
|
||||||
|
from filters.bitwarden_filter import bitwarden_lookup
|
||||||
|
from jinja2 import Environment
|
||||||
|
|
||||||
|
|
||||||
|
Environment.filters["bitwarden"] = bitwarden_lookup
|
||||||
|
|
0
src/utils/__init__.py
Normal file
0
src/utils/__init__.py
Normal file
20
src/utils/utils.py
Normal file
20
src/utils/utils.py
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
import os
|
||||||
|
import subprocess
|
||||||
|
|
||||||
|
def get_secret_from_bitwarden(logger, id):
|
||||||
|
logger.info(f"Locking up secret with ID: {id}")
|
||||||
|
return command_wrapper(logger, f"get item {id}")
|
||||||
|
|
||||||
|
def unlock_bw(logger):
|
||||||
|
token_output = command_wrapper(logger, "unlock --passwordenv BW_PASSWORD")
|
||||||
|
tokens = token_output.split('"')[1::2]
|
||||||
|
os.environ["BW_SESSION"] = tokens[1]
|
||||||
|
logger.info("Signin successful. Session exported")
|
||||||
|
|
||||||
|
def command_wrapper(logger, command):
|
||||||
|
system_env = dict(os.environ)
|
||||||
|
sp = subprocess.Popen([f"bw {command}"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, shell=True, env=system_env)
|
||||||
|
out, err = sp.communicate()
|
||||||
|
if err:
|
||||||
|
logger.warn(f"Error during bw cli invokement: {err}")
|
||||||
|
return out.decode(encoding='UTF-8')
|
Loading…
Reference in New Issue
Block a user