Compare commits

...

5 Commits

Author SHA1 Message Date
Tobias Trabelsi
4e23b67f5d
Merge pull request #9 from titilambert/improve_edition
All checks were successful
continuous-integration/drone/push Build is passing
2023-01-21 23:33:39 +01:00
Thibault Cohen
f4d05fdd0f Improve stability when there is no fields 2023-01-19 20:57:06 -05:00
Thibault Cohen
48bc422974 Fix new secret 2023-01-19 20:43:25 -05:00
Thibault Cohen
41d4959422 Raise error when fields is not present or empty 2023-01-19 20:17:53 -05:00
Thibault Cohen
c2116c24ec Handle secret name/namespace edition 2023-01-19 20:15:47 -05:00
2 changed files with 25 additions and 2 deletions

View File

@ -19,11 +19,17 @@ def create_kv(secret, secret_json, content_def):
if key == "secretScope": if key == "secretScope":
_secret_scope = value _secret_scope = value
if _secret_scope == "login": if _secret_scope == "login":
value = parse_login_scope(secret_json, _secret_key)
if value is None:
raise Exception(f"Field {_secret_key} has no value in bitwarden secret")
secret.data[_secret_ref] = str(base64.b64encode( secret.data[_secret_ref] = str(base64.b64encode(
parse_login_scope(secret_json, _secret_key).encode("utf-8")), "utf-8") value.encode("utf-8")), "utf-8")
if _secret_scope == "fields": if _secret_scope == "fields":
value = parse_fields_scope(secret_json, _secret_key)
if value is None:
raise Exception(f"Field {_secret_key} has no value in bitwarden secret")
secret.data[_secret_ref] = str(base64.b64encode( secret.data[_secret_ref] = str(base64.b64encode(
parse_fields_scope(secret_json, _secret_key).encode("utf-8")), "utf-8") value.encode("utf-8")), "utf-8")
return secret return secret
@ -64,9 +70,24 @@ def update_managed_secret(spec, status, name, namespace, logger, body, **kwargs)
content_def = body['spec']['content'] content_def = body['spec']['content']
id = spec.get('id') id = spec.get('id')
old_config = None
old_secret_name = None
old_secret_namespace = None
if 'kopf.zalando.org/last-handled-configuration' in body.metadata.annotations:
old_config = json.loads(body.metadata.annotations['kopf.zalando.org/last-handled-configuration'])
old_secret_name = old_config['spec'].get('name')
old_secret_namespace = old_config['spec'].get('namespace')
secret_name = spec.get('name') secret_name = spec.get('name')
secret_namespace = spec.get('namespace') secret_namespace = spec.get('namespace')
if old_config is not None and (old_secret_name != secret_name or old_secret_namespace != secret_namespace):
# If the name of the secret or the namespace of the secret is different
# We have to delete the secret an recreate it
logger.info("Secret name or namespace changed, let's recreate it")
delete_managed_secret(old_config['spec'], name, namespace, logger, **kwargs)
create_managed_secret(spec, name, namespace, logger, body, **kwargs)
return
unlock_bw(logger) unlock_bw(logger)
logger.info(f"Locking up secret with ID: {id}") logger.info(f"Locking up secret with ID: {id}")
secret_json_object = json.loads(get_secret_from_bitwarden(id)) secret_json_object = json.loads(get_secret_from_bitwarden(id))

View File

@ -31,6 +31,8 @@ def parse_login_scope(secret_json, key):
return secret_json["login"][key] return secret_json["login"][key]
def parse_fields_scope(secret_json, key): def parse_fields_scope(secret_json, key):
if "fields" not in secret_json:
return None
for entry in secret_json["fields"]: for entry in secret_json["fields"]:
if entry['name'] == key: if entry['name'] == key:
return entry['value'] return entry['value']