2022-10-03 14:00:12 +00:00
4 changed files with 63 additions and 20 deletions
--- a/README.md
+++ b/README.md
@ -39,12 +39,18 @@ And you are set to create your first secret using this operator. For that you ne

 ```yaml
 ---
-apiVersion: "lerentis.uploadfilter24.eu/v1beta1"
+apiVersion: "lerentis.uploadfilter24.eu/v1beta2"
 kind: BitwardenSecret
 metadata:
  name: name-of-your-management-object
 spec:
-  type: "UsernamePassword"
+  content:
+    - element:
+        secretName: nameOfTheFieldInBitwarden # for example username
+        secretRef: nameOfTheKeyInTheSecretToBeCreated 
+    - element:
+        secretName: nameOfAnotherFieldInBitwarden # for example password
+        secretRef: nameOfAnotherKeyInTheSecretToBeCreated 
  id: "A Secret ID from bitwarden"
  name: "Name of the secret to be created"
  namespace: "Namespace of the secret to be created"
@ -55,8 +61,8 @@ The ID can be extracted from the browser when you open a item the ID is in the U
 ```yaml
 apiVersion: v1
 data:
-  password: "base64 encoded password"
-  username: "base64 encoded username"
+  nameOfTheKeyInTheSecretToBeCreated: "base64 encoded value of TheFieldInBitwarden"
+  nameOfAnotherKeyInTheSecretToBeCreated: "base64 encoded value of AnotherFieldInBitwarden"
 kind: Secret
 metadata:
  annotations:
@ -73,4 +79,4 @@ type: Opaque
 [] offer option to use a existing secret in helm chart  
 [] host chart on gh pages  
 [] write release pipeline  
-[] maybe extend spec to offer modification of keys as well
+[x] maybe extend spec to offer modification of keys as well
--- a/bitwarden-crd-operator.py
+++ b/bitwarden-crd-operator.py
@ -6,6 +6,8 @@ import os
 import subprocess
 import json

+from pprint import pprint
+
 def get_secret_from_bitwarden(logger, id):
    return command_wrapper(logger, f"get item {id}")

@ -33,9 +35,9 @@ def bitwarden_signin(logger, **kwargs):
    unlock_bw(logger)

@kopf.on.create('bitwarden-secrets.lerentis.uploadfilter24.eu')
-def create_fn(spec, name, namespace, logger, **kwargs):
+def create_managed_secret(spec, name, namespace, logger, body, **kwargs):

-    type = spec.get('type')
+    content_def = body['spec']['content']
    id = spec.get('id')
    secret_name = spec.get('name')
    secret_namespace = spec.get('namespace')
@ -53,10 +55,16 @@ def create_fn(spec, name, namespace, logger, **kwargs):
    secret = kubernetes.client.V1Secret()
    secret.metadata = kubernetes.client.V1ObjectMeta(name=secret_name, annotations=annotations)
    secret.type = "Opaque"
-    secret.data = {
-            'username': str(base64.b64encode(secret_json_object["login"]["username"].encode("utf-8")), "utf-8"),
-            'password': str(base64.b64encode(secret_json_object["login"]["password"].encode("utf-8")), "utf-8")
-        }
+    secret.data = {}
+    for eleml in content_def:
+        for k, elem in eleml.items():
+            for key,value in elem.items():
+                if key == "secretName":
+                    _secret_key = value
+                if key == "secretRef":
+                    _secret_ref = value
+            
+            secret.data[_secret_ref] = str(base64.b64encode(secret_json_object["login"][_secret_key].encode("utf-8")), "utf-8")

    obj = api.create_namespaced_secret(
        secret_namespace, secret
@ -70,5 +78,13 @@ def my_handler(spec, old, new, diff, **_):
    pass

@kopf.on.delete('bitwarden-secrets.lerentis.uploadfilter24.eu')
-def my_handler(spec, name, namespace, logger, **kwargs):
-    pass
+def delete_managed_secret(spec, name, namespace, logger, **kwargs):
+    secret_name = spec.get('name')
+    secret_namespace = spec.get('namespace')
+    api = kubernetes.client.CoreV1Api()
+
+    try:
+        api.delete_namespaced_secret(secret_name, secret_namespace)
+        logger.info(f"Secret {secret_namespace}/{secret_name} has been deleted")
+    except:
+        logger.warn(f"Could not delete secret {secret_namespace}/{secret_name}!")
--- a/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml
+++ b/chart/bitwarden-crd-operator/crds/bitwarden-secrets.yaml
@ -12,7 +12,7 @@ spec:
    shortNames:
      - bws
  versions:
-    - name: v1beta1
+    - name: v1beta2
      served: true
      storage: true
      schema:
@ -22,12 +22,27 @@ spec:
            spec:
              type: object
              properties:
-                type:
-                  type: string
+                content:
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      element:
+                        type: object
+                        properties:
+                          secretName:
+                            type: string
+                          secretRef:
+                            type: string
+                        required:
+                          - secretName
                id:
                  type: string
                namespace:
                  type: string
                name:
                  type: string
-
+              required:
+                - id
+                - namespace
+                - name
--- a/example.yaml
+++ b/example.yaml
@ -1,10 +1,16 @@
 ---
-apiVersion: "lerentis.uploadfilter24.eu/v1beta1"
+apiVersion: "lerentis.uploadfilter24.eu/v1beta2"
 kind: BitwardenSecret
 metadata:
  name: test
 spec:
-  type: "password"
-  id: "123456"
+  content:
+    - element:
+        secretName: username
+        secretRef: nameofUser 
+    - element:
+        secretName: password
+        secretRef: passwordOfUser 
+  id: "88781348-c81c-4367-9801-550360c21295"
  name: "test-secret"
  namespace: "default"