fixed cves in image

Bump kopf from 1.35.6 to 1.36.0

Dockerfile

@@ -9,6 +9,10 @@ RUN cd /tmp && wget https://github.com/bitwarden/clients/releases/download/cli-v
 
 FROM alpine:3.17
 
+ARG PYTHON_VERSION=3.10.9-r1
+ARG PIP_VERSION=22.3.1-r1
+ARG GCOMPAT_VERSION=1.1.0-r0
+
 COPY --from=builder /tmp/bw /usr/local/bin/bw
 COPY requirements.txt requirements.txt
 
@@ -18,7 +22,7 @@ RUN set -eux; \
     mkdir -p /home/bw-operator; \
     chown -R bw-operator /home/bw-operator; \
     chmod +x /usr/local/bin/bw; \
-    apk add gcc musl-dev libstdc++ gcompat python3 py-pip; \
+    apk add gcc musl-dev libstdc++ gcompat=${GCOMPAT_VERSION} python3=${PYTHON_VERSION} py-pip=${PIP_VERSION}; \
     pip install -r requirements.txt --no-warn-script-location; \
     apk del --purge gcc musl-dev libstdc++;
 

README.md

@@ -56,7 +56,7 @@ And you are set to create your first secret using this operator. For that you ne
 
 ```yaml
 ---
-apiVersion: "lerentis.uploadfilter24.eu/v1beta3"
+apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
 kind: BitwardenSecret
 metadata:
   name: name-of-your-management-object
@@ -65,9 +65,11 @@ spec:
     - element:
         secretName: nameOfTheFieldInBitwarden # for example username
         secretRef: nameOfTheKeyInTheSecretToBeCreated 
+        secretScope: login # for custom entries on bitwarden use 'fields' 
     - element:
         secretName: nameOfAnotherFieldInBitwarden # for example password
         secretRef: nameOfAnotherKeyInTheSecretToBeCreated 
+        secretScope: login # for custom entries on bitwarden use 'fields' 
   id: "A Secret ID from bitwarden"
   name: "Name of the secret to be created"
   namespace: "Namespace of the secret to be created"
@@ -96,7 +98,7 @@ For managing registry credentials, or pull secrets, you can create another kind
 
 ```yaml
 ---
-apiVersion: "lerentis.uploadfilter24.eu/v1beta3"
+apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
 kind: RegistryCredential
 metadata:
   name: name-of-your-management-object
@@ -125,6 +127,50 @@ metadata:
 type: dockerconfigjson
 ```
 
+## BitwardenTemplate
+
+One of the more freely defined types that can be used with this operator you can just pass a whole template:
+
+```yaml
+---
+apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
+kind: BitwardenTemplate
+metadata:
+  name: name-of-your-management-object
+spec:
+  filename: "Key of the secret to be created"
+  name: "Name of the secret to be created"
+  namespace: "Namespace of the secret to be created"
+  template: |
+    ---
+    api:
+      enabled: True
+      key: {{ bitwarden_lookup("A Secret ID from bitwarden", "login or fields", "name of a field in bitwarden") }}
+      allowCrossOrigin: false
+      apps:
+        "some.app.identifier:some_version":
+          pubkey: {{ bitwarden_lookup("A Secret ID from bitwarden", "login or fields", "name of a field in bitwarden") }}
+          enabled: true
+```
+
+This will result in something like the following object:
+
+```yaml
+apiVersion: v1
+data:
+  Key of the secret to be created: "base64 encoded and rendered template with secrets injected directly from bitwarden"
+kind: Secret
+metadata:
+  annotations:
+    managed: bitwarden-template.lerentis.uploadfilter24.eu
+    managedObject: namespace/name-of-your-management-object
+  name: Name of the secret to be created
+  namespace: Namespace of the secret to be created
+type: Opaque
+```
+
+please note that the rendering engine for this template is jinja2, with an addition of a custom `bitwarden_lookup` function, so there are more possibilities to inject here.
+
 ## Short Term Roadmap
 
 - [ ] support more types

charts/bitwarden-crd-operator/Chart.yaml

@@ -4,7 +4,7 @@ description: Deploy the Bitwarden CRD Operator
 
 type: application
 
-version: "v0.4.0"
+version: "v0.4.1"
 
 appVersion: "0.4.0"
 
@@ -85,23 +85,17 @@ annotations:
           ---
           api:
             enabled: True
-            key: {{ bitwarden_lookup("466fc4b0-ffca-4444-8d88-b59d4de3d928", "fields", "key") }}
+            key: {{ bitwarden_lookup("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "fields", "key") }}
             allowCrossOrigin: false
             apps:
               "some.app.identifier:some_version":
-                pubkey: {{ bitwarden_lookup("466fc4b0-ffca-4444-8d88-b59d4de3d928", "fields", "public_key") }}
+                pubkey: {{ bitwarden_lookup("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "fields", "public_key") }}
                 enabled: true  
   artifacthub.io/license: MIT
   artifacthub.io/operator: "true"  
   artifacthub.io/changes: |
-    - kind: added
-      description: "Added Template type"
-    - kind: added
-      description: "Added logo"
-    - kind: changed
-      description: "BitwardenSecret now requires a 'secretScope' to be defined. Can eigher be 'login' or 'fields'"
     - kind: fixed
-      description: "fixed hardcoded reference to 'login' even tho secrets could also be in 'fields' scope"
+      description: "Fixed documentation and examples"
   artifacthub.io/images: |
     - name: bitwarden-crd-operator
       image: lerentis/bitwarden-crd-operator:0.4.0

charts/bitwarden-crd-operator/README.md

@@ -4,9 +4,14 @@
 
 Bitwarden CRD Operator is a kubernetes Operator based on [kopf](https://github.com/nolar/kopf/). The goal is to create kubernetes native secret objects from bitwarden.
 
+<p align="center">
+  <img src="https://github.com/Lerentis/bitwarden-crd-operator/blob/main/logo.png?raw=true" alt="Bitwarden CRD Operator Logo" width="200"/>
+</p>
+
 > DISCLAIMER:  
 > This project is still very work in progress :)
 
+
 ## Getting started
 
 You will need a `ClientID` and `ClientSecret` ([where to get these](https://bitwarden.com/help/personal-api-key/)) as well as your password.
@@ -51,7 +56,7 @@ And you are set to create your first secret using this operator. For that you ne
 
 ```yaml
 ---
-apiVersion: "lerentis.uploadfilter24.eu/v1beta3"
+apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
 kind: BitwardenSecret
 metadata:
   name: name-of-your-management-object
@@ -60,9 +65,11 @@ spec:
     - element:
         secretName: nameOfTheFieldInBitwarden # for example username
         secretRef: nameOfTheKeyInTheSecretToBeCreated 
+        secretScope: login # for custom entries on bitwarden use 'fields' 
     - element:
         secretName: nameOfAnotherFieldInBitwarden # for example password
         secretRef: nameOfAnotherKeyInTheSecretToBeCreated 
+        secretScope: login # for custom entries on bitwarden use 'fields' 
   id: "A Secret ID from bitwarden"
   name: "Name of the secret to be created"
   namespace: "Namespace of the secret to be created"
@@ -91,7 +98,7 @@ For managing registry credentials, or pull secrets, you can create another kind
 
 ```yaml
 ---
-apiVersion: "lerentis.uploadfilter24.eu/v1beta3"
+apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
 kind: RegistryCredential
 metadata:
   name: name-of-your-management-object
@@ -120,10 +127,46 @@ metadata:
 type: dockerconfigjson
 ```
 
-## Short Term Roadmap
+## BitwardenTemplate
 
-- [ ] support more types
+One of the more freely defined types that can be used with this operator you can just pass a whole template:
-- [x] offer option to use a existing secret in helm chart
+
-- [x] host chart on gh pages
+```yaml
-- [x] write release pipeline
+---
-- [x] maybe extend spec to offer modification of keys as well
+apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
+kind: BitwardenTemplate
+metadata:
+  name: name-of-your-management-object
+spec:
+  filename: "Key of the secret to be created"
+  name: "Name of the secret to be created"
+  namespace: "Namespace of the secret to be created"
+  template: |
+    ---
+    api:
+      enabled: True
+      key: {{ bitwarden_lookup("A Secret ID from bitwarden", "login or fields", "name of a field in bitwarden") }}
+      allowCrossOrigin: false
+      apps:
+        "some.app.identifier:some_version":
+          pubkey: {{ bitwarden_lookup("A Secret ID from bitwarden", "login or fields", "name of a field in bitwarden") }}
+          enabled: true
+```
+
+This will result in something like the following object:
+
+```yaml
+apiVersion: v1
+data:
+  Key of the secret to be created: "base64 encoded and rendered template with secrets injected directly from bitwarden"
+kind: Secret
+metadata:
+  annotations:
+    managed: bitwarden-template.lerentis.uploadfilter24.eu
+    managedObject: namespace/name-of-your-management-object
+  name: Name of the secret to be created
+  namespace: Namespace of the secret to be created
+type: Opaque
+```
+
+please note that the rendering engine for this template is jinja2, with an addition of a custom `bitwarden_lookup` function, so there are more possibilities to inject here.

requirements.txt

@@ -1,3 +1,3 @@
-kopf==1.35.6
+kopf==1.36.0
 kubernetes==25.3.0
 Jinja2==3.1.2