6 Commits

Author SHA1 Message Date
2bf13bc8c5 Merge pull request #63 from Lerentis/fixup/fix-arm-node-version
fixup for arm
2024-01-07 21:25:05 +01:00
48754d4578 fixup for arm 2024-01-07 21:20:56 +01:00
a2186ab3aa Merge pull request #61 from Lerentis/Lerentis/issue60
Labels for Secrets and updates
2024-01-06 23:38:59 +01:00
9f4264d355 update dependencies 2024-01-06 23:37:22 +01:00
620d0f0b18 fix CRD and updated docs 2024-01-06 23:29:45 +01:00
ac0bc2d89d also add labels to update handlers 2024-01-06 22:48:02 +01:00
12 changed files with 78 additions and 80 deletions


@ -1,14 +1,15 @@
FROM alpine:3.18.4
FROM alpine:3.19.0
LABEL org.opencontainers.image.source=https://github.com/Lerentis/bitwarden-crd-operator
LABEL org.opencontainers.image.description="Kubernetes Operator to create k8s secrets from bitwarden"
LABEL org.opencontainers.image.licenses=MIT
ARG PYTHON_VERSION=3.11.6-r0
ARG PIP_VERSION=23.1.2-r0
ARG GCOMPAT_VERSION=1.1.0-r1
ARG LIBCRYPTO_VERSION=3.1.3-r0
ARG BW_VERSION=2023.1.0
ARG PYTHON_VERSION=3.11.6-r1
ARG PIP_VERSION=23.3.1-r0
ARG GCOMPAT_VERSION=1.1.0-r4
ARG LIBCRYPTO_VERSION=3.1.4-r2
ARG BW_VERSION=2023.7.0
ARG NODE_VERSION=20.10.0-r1
COPY requirements.txt /requirements.txt
@ -17,7 +18,7 @@ RUN set -eux; \
ARCH="$(apk --print-arch)"; \
case "${ARCH}" in \
aarch64|arm64) \
apk add npm; \
apk add nodejs=${NODE_VERSION} npm; \
npm install -g @bitwarden/cli@${BW_VERSION}; \
;; \
amd64|x86_64) \
@ -38,7 +39,7 @@ RUN set -eux; \
mkdir -p /home/bw-operator; \
chown -R bw-operator /home/bw-operator; \
apk add gcc musl-dev libstdc++ gcompat=${GCOMPAT_VERSION} python3=${PYTHON_VERSION} py3-pip=${PIP_VERSION} libcrypto3=${LIBCRYPTO_VERSION}; \
pip install -r /requirements.txt --no-warn-script-location; \
pip install -r /requirements.txt --no-warn-script-location --break-system-packages; \
rm /requirements.txt; \
apk del --purge gcc musl-dev libstdc++;
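Review bot: `--break-system-packages` on the `pip install` line switches off the PEP 668 guard that Alpine 3.19 ships, so pip writes into the same site-packages that apk manages and can overwrite modules owned by `python3` or `py3-pip`. Installing into a virtual environment keeps the two apart, for example `python3 -m venv /opt/venv; \` followed by `/opt/venv/bin/pip install -r /requirements.txt --no-warn-script-location; \` (the path is illustrative, and the operator would have to be started from that interpreter; the entrypoint is outside this diff, so that part needs confirming). In the arm branch `npm` is still added without a version while `nodejs` is now pinned to `${NODE_VERSION}`; a pin there would match the other packages and keep the arm image reproducible. Both RUN instructions begin above the visible hunk lines.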


@ -56,7 +56,7 @@ And you are set to create your first secret using this operator. For that you ne
```yaml
---
apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
apiVersion: "lerentis.uploadfilter24.eu/v1beta5"
kind: BitwardenSecret
metadata:
name: name-of-your-management-object
@ -73,6 +73,8 @@ spec:
id: "A Secret ID from bitwarden"
name: "Name of the secret to be created"
namespace: "Namespace of the secret to be created"
labels: # Optional
key: value
```
The ID can be extracted from the browser when you open a item the ID is in the URL. The resulting secret looks something like this:
@ -87,6 +89,8 @@ metadata:
annotations:
managed: bitwarden-secrets.lerentis.uploadfilter24.eu
managedObject: bw-operator/test
labels:
key: value
name: name-of-your-management-object
namespace: default
type: Opaque
@ -98,7 +102,7 @@ For managing registry credentials, or pull secrets, you can create another kind
```yaml
---
apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
apiVersion: "lerentis.uploadfilter24.eu/v1beta5"
kind: RegistryCredential
metadata:
name: name-of-your-management-object
@ -109,6 +113,8 @@ spec:
id: "A Secret ID from bitwarden"
name: "Name of the secret to be created"
namespace: "Namespace of the secret to be created"
labels: # Optional
key: value
```
The resulting secret looks something like this:
@ -122,6 +128,8 @@ metadata:
annotations:
managed: bitwarden-secrets.lerentis.uploadfilter24.eu
managedObject: bw-operator/test
labels:
key: value
name: name-of-your-management-object
namespace: default
type: dockerconfigjson
@ -133,7 +141,7 @@ One of the more freely defined types that can be used with this operator you can
```yaml
---
apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
apiVersion: "lerentis.uploadfilter24.eu/v1beta5"
kind: BitwardenTemplate
metadata:
name: name-of-your-management-object
@ -141,6 +149,8 @@ spec:
filename: "Key of the secret to be created"
name: "Name of the secret to be created"
namespace: "Namespace of the secret to be created"
labels: # Optional
key: value
template: |
---
api:
@ -164,6 +174,8 @@ metadata:
annotations:
managed: bitwarden-template.lerentis.uploadfilter24.eu
managedObject: namespace/name-of-your-management-object
labels:
key: value
name: Name of the secret to be created
namespace: Namespace of the secret to be created
type: Opaque


@ -4,9 +4,9 @@ description: Deploy the Bitwarden CRD Operator
type: application
version: "v0.11.0"
version: "v0.11.1"
appVersion: "0.10.0"
appVersion: "0.10.1"
keywords:
- operator
@ -101,8 +101,10 @@ annotations:
artifacthub.io/operator: "true"
artifacthub.io/containsSecurityUpdates: "false"
artifacthub.io/changes: |
- kind: fixed
description: "Downgrade node to LTS in order to make bw cli work on arm"
- kind: changed
description: "Added the possibility to add labels to generated secrets"
description: "Update bw cli to 2023.7.0 for the same reason"
artifacthub.io/images: |
- name: bitwarden-crd-operator
image: ghcr.io/lerentis/bitwarden-crd-operator:0.10.0
image: ghcr.io/lerentis/bitwarden-crd-operator:0.10.1


@ -14,8 +14,9 @@ spec:
- bws
versions:
- name: v1beta4
served: false
storage: true
served: true
storage: false
deprecated: true
schema:
openAPIV3Schema:
type: object
@ -82,21 +83,8 @@ spec:
name:
type: string
labels:
type: array
items:
type: object
properties:
json:
x-kubernetes-preserve-unknown-fields: true
type: object
properties:
spec:
type: object
properties:
foo:
type: string
bar:
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- id
- namespace
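Review bot: The new `labels` schema (`type: object` with `x-kubernetes-preserve-unknown-fields: true`) accepts nested objects, numbers and lists as values, while Kubernetes label values must be strings, so a malformed label map passes admission and only fails later when the operator writes the Secret. Declaring the map shape lets the API server reject it up front: replace the preserve-unknown-fields line with `additionalProperties:` and, nested under it, `type: string`. The same schema appears in the other two CRD sections of this commit (short names `bwt` and `rgc`). `v1beta4` also moves to `storage: false`; the version that takes over `storage: true` is outside the visible lines, and objects already stored with the earlier list-shaped `labels` would presumably be served unchanged unless a conversion is configured, which is worth confirming.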


@ -14,8 +14,9 @@ spec:
- bwt
versions:
- name: v1beta4
served: false
storage: true
served: true
storage: false
deprecated: true
schema:
openAPIV3Schema:
type: object
@ -55,21 +56,8 @@ spec:
name:
type: string
labels:
type: array
items:
type: object
properties:
json:
x-kubernetes-preserve-unknown-fields: true
type: object
properties:
spec:
type: object
properties:
foo:
type: string
bar:
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- filename
- template


@ -14,8 +14,9 @@ spec:
- rgc
versions:
- name: v1beta4
served: false
storage: true
served: true
storage: false
deprecated: true
schema:
openAPIV3Schema:
type: object
@ -65,21 +66,8 @@ spec:
name:
type: string
labels:
type: array
items:
type: object
properties:
json:
x-kubernetes-preserve-unknown-fields: true
type: object
properties:
spec:
type: object
properties:
foo:
type: string
bar:
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- id
- namespace


@ -17,7 +17,8 @@ spec:
name: "test-secret"
namespace: "default"
labels:
- key: value
key: value
app: example-app
---
apiVersion: "lerentis.uploadfilter24.eu/v1beta5"
kind: BitwardenSecret
@ -31,6 +32,4 @@ spec:
secretScope: fields
id: "466fc4b0-ffca-4444-8d88-b59d4de3d928"
name: "test-scope"
namespace: "default"
labels:
- key: value
namespace: "default"


@ -1,5 +1,5 @@
---
apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
apiVersion: "lerentis.uploadfilter24.eu/v1beta5"
kind: RegistryCredential
metadata:
name: test
@ -9,4 +9,7 @@ spec:
registry: "docker.io"
id: "3b249ec7-9ce7-440a-9558-f34f3ab10680"
name: "test-regcred"
namespace: "default"
namespace: "default"
labels:
namespace: default
tenant: example-team


@ -1,5 +1,5 @@
---
apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
apiVersion: "lerentis.uploadfilter24.eu/v1beta5"
kind: BitwardenTemplate
metadata:
name: test
@ -7,6 +7,9 @@ spec:
filename: "config.yaml"
name: "test-template"
namespace: "default"
labels:
key: value
app: example-app
template: |
---
api:


@ -96,6 +96,7 @@ def update_managed_registry_secret(
id = spec.get('id')
secret_name = spec.get('name')
secret_namespace = spec.get('namespace')
labels = spec.get('labels')
old_config = None
old_secret_name = None
@ -132,9 +133,13 @@ def update_managed_registry_secret(
"managed": "registry-credential.lerentis.uploadfilter24.eu",
"managedObject": f"{namespace}/{name}"
}
if not labels:
labels = {}
secret = kubernetes.client.V1Secret()
secret.metadata = kubernetes.client.V1ObjectMeta(
name=secret_name, annotations=annotations)
name=secret_name, annotations=annotations, labels=labels)
secret = create_dockerlogin(
logger,
secret,
@ -143,7 +148,7 @@ def update_managed_registry_secret(
password_ref,
registry)
try:
obj = api.replace_namespaced_secret(
api.replace_namespaced_secret(
name=secret_name,
body=secret,
namespace="{}".format(secret_namespace))
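Review bot: `labels` goes from `spec.get('labels')` into `V1ObjectMeta(..., labels=labels)` with only a truthiness check, so a list or a map with non-string values reaches `replace_namespaced_secret` as-is. The CRD schema in this commit does not constrain the value type, and the sample manifests previously wrote labels as a list (`- key: value`), so objects already in a cluster may still carry that shape. A shape check before building the metadata would keep the failure local and readable, for example `labels = {str(k): str(v) for k, v in labels.items()} if isinstance(labels, dict) else {}`. The two `update_managed_secret` handlers in the following file sections add the same lines and share the concern. The function body starts and ends outside the hunks, so how the `except` branch treats a rejected replace is not visible here.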


@ -93,6 +93,7 @@ def update_managed_secret(
old_secret_namespace = old_config['spec'].get('namespace')
secret_name = spec.get('name')
secret_namespace = spec.get('namespace')
labels = spec.get('labels')
if old_config is not None and (
old_secret_name != secret_name or old_secret_namespace != secret_namespace):
@ -119,13 +120,16 @@ def update_managed_secret(
"managedObject": f"{namespace}/{name}"
}
if not labels:
labels = {}
secret = kubernetes.client.V1Secret()
secret.metadata = kubernetes.client.V1ObjectMeta(
name=secret_name, annotations=annotations)
name=secret_name, annotations=annotations, labels=labels)
secret = create_kv(secret, secret_json_object, content_def)
try:
obj = api.replace_namespaced_secret(
api.replace_namespaced_secret(
name=secret_name,
body=secret,
namespace="{}".format(secret_namespace))


@ -52,7 +52,7 @@ def create_managed_secret(spec, name, namespace, logger, body, **kwargs):
name=secret_name, annotations=annotations, labels=labels)
secret = create_template_secret(logger, secret, filename, template)
obj = api.create_namespaced_secret(
api.create_namespaced_secret(
secret_namespace, secret
)
@ -74,6 +74,7 @@ def update_managed_secret(
filename = spec.get('filename')
secret_name = spec.get('name')
secret_namespace = spec.get('namespace')
labels = spec.get('labels')
old_config = None
old_secret_name = None
@ -108,13 +109,17 @@ def update_managed_secret(
"managed": "bitwarden-template.lerentis.uploadfilter24.eu",
"managedObject": f"{namespace}/{name}"
}
if not labels:
labels = {}
secret = kubernetes.client.V1Secret()
secret.metadata = kubernetes.client.V1ObjectMeta(
name=secret_name, annotations=annotations)
name=secret_name, annotations=annotations, labels=labels)
secret = create_template_secret(logger, secret, filename, template)
try:
obj = api.replace_namespaced_secret(
api.replace_namespaced_secret(
name=secret_name,
body=secret,
namespace="{}".format(secret_namespace))