work in progress to support raw template types
This commit is contained in:
parent
058e9b918f
commit
d8bee2e029
@ -4,9 +4,14 @@
|
||||
|
||||
Bitwarden CRD Operator is a kubernetes Operator based on [kopf](https://github.com/nolar/kopf/). The goal is to create kubernetes native secret objects from bitwarden.
|
||||
|
||||
<p align="center">
|
||||
<img src="logo.png" alt="Bitwarden CRD Operator Logo" width="200"/>
|
||||
</p>
|
||||
|
||||
> DISCLAIMER:
|
||||
> This project is still very work in progress :)
|
||||
|
||||
|
||||
## Getting started
|
||||
|
||||
You will need a `ClientID` and `ClientSecret` ([where to get these](https://bitwarden.com/help/personal-api-key/)) as well as your password.
|
||||
|
@ -4,9 +4,9 @@ description: Deploy the Bitwarden CRD Operator
|
||||
|
||||
type: application
|
||||
|
||||
version: "v0.3.2"
|
||||
version: "v0.4.0"
|
||||
|
||||
appVersion: "0.3.0"
|
||||
appVersion: "0.4.0"
|
||||
|
||||
keywords:
|
||||
- operator
|
||||
@ -69,10 +69,10 @@ annotations:
|
||||
artifacthub.io/license: MIT
|
||||
artifacthub.io/operator: "true"
|
||||
artifacthub.io/changes: |
|
||||
- kind: changed
|
||||
description: "Switched to Alpine image"
|
||||
- kind: added
|
||||
description: "Added CRDs Example to artifactshub"
|
||||
description: "Added Template CRD"
|
||||
- kind: added
|
||||
description: "Added logo"
|
||||
artifacthub.io/images: |
|
||||
- name: bitwarden-crd-operator
|
||||
image: lerentis/bitwarden-crd-operator:0.3.0
|
||||
|
34
charts/bitwarden-crd-operator/crds/template.yaml
Normal file
34
charts/bitwarden-crd-operator/crds/template.yaml
Normal file
@ -0,0 +1,34 @@
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: bitwarden-templates.lerentis.uploadfilter24.eu
|
||||
spec:
|
||||
scope: Namespaced
|
||||
group: lerentis.uploadfilter24.eu
|
||||
names:
|
||||
kind: BitwardenTemplate
|
||||
plural: bitwarden-templates
|
||||
singular: bitwarden-template
|
||||
shortNames:
|
||||
- bwt
|
||||
versions:
|
||||
- name: v1beta1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
template:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
required:
|
||||
- template
|
||||
- namespace
|
||||
- name
|
@ -4,7 +4,7 @@ metadata:
|
||||
name: {{ include "bitwarden-crd-operator.serviceAccountName" . }}-role
|
||||
rules:
|
||||
- apiGroups: ["lerentis.uploadfilter24.eu"]
|
||||
resources: ["bitwarden-secrets", "registry-credentials"]
|
||||
resources: ["bitwarden-secrets", "registry-credentials", "bitwarden-templates"]
|
||||
verbs: ["get", "watch", "list", "create", "delete", "patch", "update"]
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
|
@ -1,2 +1,3 @@
|
||||
kopf==1.35.6
|
||||
kubernetes==25.3.0
|
||||
Jinja2==3.1.2
|
||||
|
@ -1,26 +1,8 @@
|
||||
#!/usr/bin/env python3
|
||||
import kopf
|
||||
import os
|
||||
import subprocess
|
||||
|
||||
def get_secret_from_bitwarden(logger, id):
|
||||
logger.info(f"Locking up secret with ID: {id}")
|
||||
return command_wrapper(logger, f"get item {id}")
|
||||
|
||||
def unlock_bw(logger):
|
||||
token_output = command_wrapper(logger, "unlock --passwordenv BW_PASSWORD")
|
||||
tokens = token_output.split('"')[1::2]
|
||||
os.environ["BW_SESSION"] = tokens[1]
|
||||
logger.info("Signin successful. Session exported")
|
||||
|
||||
def command_wrapper(logger, command):
|
||||
system_env = dict(os.environ)
|
||||
sp = subprocess.Popen([f"bw {command}"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, shell=True, env=system_env)
|
||||
out, err = sp.communicate()
|
||||
if err:
|
||||
logger.warn(f"Error during bw cli invokement: {err}")
|
||||
return out.decode(encoding='UTF-8')
|
||||
|
||||
from utils.utils import command_wrapper, unlock_bw
|
||||
|
||||
@kopf.on.startup()
|
||||
def bitwarden_signin(logger, **kwargs):
|
||||
|
@ -3,7 +3,7 @@ import kubernetes
|
||||
import base64
|
||||
import json
|
||||
|
||||
from bitwardenCrdOperator import unlock_bw, get_secret_from_bitwarden
|
||||
from utils.utils import unlock_bw, get_secret_from_bitwarden
|
||||
|
||||
def create_dockerlogin(logger, secret, secret_json, username_ref, password_ref, registry):
|
||||
secret.type = "dockerconfigjson"
|
||||
|
0
src/filters/__init__.py
Normal file
0
src/filters/__init__.py
Normal file
8
src/filters/bitwarden_filter.py
Normal file
8
src/filters/bitwarden_filter.py
Normal file
@ -0,0 +1,8 @@
|
||||
from utils.utils import get_secret_from_bitwarden
|
||||
|
||||
|
||||
def datetime_format(value, format="%H:%M %d-%m-%y"):
|
||||
return value.strftime(format)
|
||||
|
||||
def bitwarden_lookup(value, id, field):
|
||||
pass
|
@ -3,7 +3,7 @@ import kubernetes
|
||||
import base64
|
||||
import json
|
||||
|
||||
from bitwardenCrdOperator import unlock_bw, get_secret_from_bitwarden
|
||||
from utils.utils import unlock_bw, get_secret_from_bitwarden
|
||||
|
||||
def create_kv(secret, secret_json, content_def):
|
||||
secret.type = "Opaque"
|
||||
|
7
src/template.py
Normal file
7
src/template.py
Normal file
@ -0,0 +1,7 @@
|
||||
import kopf
|
||||
from filters.bitwarden_filter import bitwarden_lookup
|
||||
from jinja2 import Environment
|
||||
|
||||
|
||||
Environment.filters["bitwarden"] = bitwarden_lookup
|
||||
|
0
src/utils/__init__.py
Normal file
0
src/utils/__init__.py
Normal file
20
src/utils/utils.py
Normal file
20
src/utils/utils.py
Normal file
@ -0,0 +1,20 @@
|
||||
import os
|
||||
import subprocess
|
||||
|
||||
def get_secret_from_bitwarden(logger, id):
|
||||
logger.info(f"Locking up secret with ID: {id}")
|
||||
return command_wrapper(logger, f"get item {id}")
|
||||
|
||||
def unlock_bw(logger):
|
||||
token_output = command_wrapper(logger, "unlock --passwordenv BW_PASSWORD")
|
||||
tokens = token_output.split('"')[1::2]
|
||||
os.environ["BW_SESSION"] = tokens[1]
|
||||
logger.info("Signin successful. Session exported")
|
||||
|
||||
def command_wrapper(logger, command):
|
||||
system_env = dict(os.environ)
|
||||
sp = subprocess.Popen([f"bw {command}"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True, shell=True, env=system_env)
|
||||
out, err = sp.communicate()
|
||||
if err:
|
||||
logger.warn(f"Error during bw cli invokement: {err}")
|
||||
return out.decode(encoding='UTF-8')
|
Loading…
Reference in New Issue
Block a user