Merge pull request 'jinja templates' (#6) from feature/tt/raw-templates into main

Reviewed-on: #6

Dockerfile

@@ -9,10 +9,6 @@ RUN cd /tmp && wget https://github.com/bitwarden/clients/releases/download/cli-v
 
 FROM alpine:3.17
 
-ARG PYTHON_VERSION=3.10.9-r1
-ARG PIP_VERSION=22.3.1-r1
-ARG GCOMPAT_VERSION=1.1.0-r0
-
 COPY --from=builder /tmp/bw /usr/local/bin/bw
 COPY requirements.txt requirements.txt
 
@@ -22,7 +18,7 @@ RUN set -eux; \
     mkdir -p /home/bw-operator; \
     chown -R bw-operator /home/bw-operator; \
     chmod +x /usr/local/bin/bw; \
-    apk add gcc musl-dev libstdc++ gcompat=${GCOMPAT_VERSION} python3=${PYTHON_VERSION} py-pip=${PIP_VERSION}; \
+    apk add gcc musl-dev libstdc++ gcompat python3 py-pip; \
     pip install -r requirements.txt --no-warn-script-location; \
     apk del --purge gcc musl-dev libstdc++;
 

README.md

@@ -56,7 +56,7 @@ And you are set to create your first secret using this operator. For that you ne
 
 ```yaml
 ---
-apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
+apiVersion: "lerentis.uploadfilter24.eu/v1beta3"
 kind: BitwardenSecret
 metadata:
   name: name-of-your-management-object
@@ -65,11 +65,9 @@ spec:
     - element:
         secretName: nameOfTheFieldInBitwarden # for example username
         secretRef: nameOfTheKeyInTheSecretToBeCreated 
-        secretScope: login # for custom entries on bitwarden use 'fields' 
     - element:
         secretName: nameOfAnotherFieldInBitwarden # for example password
         secretRef: nameOfAnotherKeyInTheSecretToBeCreated 
-        secretScope: login # for custom entries on bitwarden use 'fields' 
   id: "A Secret ID from bitwarden"
   name: "Name of the secret to be created"
   namespace: "Namespace of the secret to be created"
@@ -98,7 +96,7 @@ For managing registry credentials, or pull secrets, you can create another kind
 
 ```yaml
 ---
-apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
+apiVersion: "lerentis.uploadfilter24.eu/v1beta3"
 kind: RegistryCredential
 metadata:
   name: name-of-your-management-object
@@ -127,50 +125,6 @@ metadata:
 type: dockerconfigjson
 ```
 
-## BitwardenTemplate
-
-One of the more freely defined types that can be used with this operator you can just pass a whole template:
-
-```yaml
----
-apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
-kind: BitwardenTemplate
-metadata:
-  name: name-of-your-management-object
-spec:
-  filename: "Key of the secret to be created"
-  name: "Name of the secret to be created"
-  namespace: "Namespace of the secret to be created"
-  template: |
-    ---
-    api:
-      enabled: True
-      key: {{ bitwarden_lookup("A Secret ID from bitwarden", "login or fields", "name of a field in bitwarden") }}
-      allowCrossOrigin: false
-      apps:
-        "some.app.identifier:some_version":
-          pubkey: {{ bitwarden_lookup("A Secret ID from bitwarden", "login or fields", "name of a field in bitwarden") }}
-          enabled: true
-```
-
-This will result in something like the following object:
-
-```yaml
-apiVersion: v1
-data:
-  Key of the secret to be created: "base64 encoded and rendered template with secrets injected directly from bitwarden"
-kind: Secret
-metadata:
-  annotations:
-    managed: bitwarden-template.lerentis.uploadfilter24.eu
-    managedObject: namespace/name-of-your-management-object
-  name: Name of the secret to be created
-  namespace: Namespace of the secret to be created
-type: Opaque
-```
-
-please note that the rendering engine for this template is jinja2, with an addition of a custom `bitwarden_lookup` function, so there are more possibilities to inject here.
-
 ## Short Term Roadmap
 
 - [ ] support more types

charts/bitwarden-crd-operator/Chart.yaml

@@ -4,7 +4,7 @@ description: Deploy the Bitwarden CRD Operator
 
 type: application
 
-version: "v0.4.1"
+version: "v0.4.0"
 
 appVersion: "0.4.0"
 
@@ -85,17 +85,23 @@ annotations:
           ---
           api:
             enabled: True
-            key: {{ bitwarden_lookup("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "fields", "key") }}
+            key: {{ bitwarden_lookup("466fc4b0-ffca-4444-8d88-b59d4de3d928", "fields", "key") }}
             allowCrossOrigin: false
             apps:
               "some.app.identifier:some_version":
-                pubkey: {{ bitwarden_lookup("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "fields", "public_key") }}
+                pubkey: {{ bitwarden_lookup("466fc4b0-ffca-4444-8d88-b59d4de3d928", "fields", "public_key") }}
                 enabled: true  
   artifacthub.io/license: MIT
   artifacthub.io/operator: "true"  
   artifacthub.io/changes: |
+    - kind: added
+      description: "Added Template type"
+    - kind: added
+      description: "Added logo"
+    - kind: changed
+      description: "BitwardenSecret now requires a 'secretScope' to be defined. Can eigher be 'login' or 'fields'"
     - kind: fixed
-      description: "Fixed documentation and examples"
+      description: "fixed hardcoded reference to 'login' even tho secrets could also be in 'fields' scope"
   artifacthub.io/images: |
     - name: bitwarden-crd-operator
       image: lerentis/bitwarden-crd-operator:0.4.0

charts/bitwarden-crd-operator/README.md

@@ -4,14 +4,9 @@
 
 Bitwarden CRD Operator is a kubernetes Operator based on [kopf](https://github.com/nolar/kopf/). The goal is to create kubernetes native secret objects from bitwarden.
 
-<p align="center">
-  <img src="https://github.com/Lerentis/bitwarden-crd-operator/blob/main/logo.png?raw=true" alt="Bitwarden CRD Operator Logo" width="200"/>
-</p>
-
 > DISCLAIMER:  
 > This project is still very work in progress :)
 
-
 ## Getting started
 
 You will need a `ClientID` and `ClientSecret` ([where to get these](https://bitwarden.com/help/personal-api-key/)) as well as your password.
@@ -56,7 +51,7 @@ And you are set to create your first secret using this operator. For that you ne
 
 ```yaml
 ---
-apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
+apiVersion: "lerentis.uploadfilter24.eu/v1beta3"
 kind: BitwardenSecret
 metadata:
   name: name-of-your-management-object
@@ -65,11 +60,9 @@ spec:
     - element:
         secretName: nameOfTheFieldInBitwarden # for example username
         secretRef: nameOfTheKeyInTheSecretToBeCreated 
-        secretScope: login # for custom entries on bitwarden use 'fields' 
     - element:
         secretName: nameOfAnotherFieldInBitwarden # for example password
         secretRef: nameOfAnotherKeyInTheSecretToBeCreated 
-        secretScope: login # for custom entries on bitwarden use 'fields' 
   id: "A Secret ID from bitwarden"
   name: "Name of the secret to be created"
   namespace: "Namespace of the secret to be created"
@@ -98,7 +91,7 @@ For managing registry credentials, or pull secrets, you can create another kind
 
 ```yaml
 ---
-apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
+apiVersion: "lerentis.uploadfilter24.eu/v1beta3"
 kind: RegistryCredential
 metadata:
   name: name-of-your-management-object
@@ -127,46 +120,10 @@ metadata:
 type: dockerconfigjson
 ```
 
-## BitwardenTemplate
+## Short Term Roadmap
 
-One of the more freely defined types that can be used with this operator you can just pass a whole template:
+- [ ] support more types
-
+- [x] offer option to use a existing secret in helm chart
-```yaml
+- [x] host chart on gh pages
----
+- [x] write release pipeline
-apiVersion: "lerentis.uploadfilter24.eu/v1beta4"
+- [x] maybe extend spec to offer modification of keys as well
-kind: BitwardenTemplate
-metadata:
-  name: name-of-your-management-object
-spec:
-  filename: "Key of the secret to be created"
-  name: "Name of the secret to be created"
-  namespace: "Namespace of the secret to be created"
-  template: |
-    ---
-    api:
-      enabled: True
-      key: {{ bitwarden_lookup("A Secret ID from bitwarden", "login or fields", "name of a field in bitwarden") }}
-      allowCrossOrigin: false
-      apps:
-        "some.app.identifier:some_version":
-          pubkey: {{ bitwarden_lookup("A Secret ID from bitwarden", "login or fields", "name of a field in bitwarden") }}
-          enabled: true
-```
-
-This will result in something like the following object:
-
-```yaml
-apiVersion: v1
-data:
-  Key of the secret to be created: "base64 encoded and rendered template with secrets injected directly from bitwarden"
-kind: Secret
-metadata:
-  annotations:
-    managed: bitwarden-template.lerentis.uploadfilter24.eu
-    managedObject: namespace/name-of-your-management-object
-  name: Name of the secret to be created
-  namespace: Namespace of the secret to be created
-type: Opaque
-```
-
-please note that the rendering engine for this template is jinja2, with an addition of a custom `bitwarden_lookup` function, so there are more possibilities to inject here.

requirements.txt

@@ -1,3 +1,3 @@
-kopf==1.36.0
+kopf==1.35.6
 kubernetes==25.3.0
 Jinja2==3.1.2