free-key-value-definition #1
								README.md
							| @@ -39,12 +39,18 @@ And you are set to create your first secret using this operator. For that you ne | |||||||
|  |  | ||||||
| ```yaml | ```yaml | ||||||
| --- | --- | ||||||
| apiVersion: "lerentis.uploadfilter24.eu/v1beta1" | apiVersion: "lerentis.uploadfilter24.eu/v1beta2" | ||||||
| kind: BitwardenSecret | kind: BitwardenSecret | ||||||
| metadata: | metadata: | ||||||
|   name: name-of-your-management-object |   name: name-of-your-management-object | ||||||
| spec: | spec: | ||||||
|   type: "UsernamePassword" |   content: | ||||||
|  |     - element: | ||||||
|  |         secretName: nameOfTheFieldInBitwarden # for example username | ||||||
|  |         secretRef: nameOfTheKeyInTheSecretToBeCreated  | ||||||
|  |     - element: | ||||||
|  |         secretName: nameOfAnotherFieldInBitwarden # for example password | ||||||
|  |         secretRef: nameOfAnotherKeyInTheSecretToBeCreated  | ||||||
|   id: "A Secret ID from bitwarden" |   id: "A Secret ID from bitwarden" | ||||||
|   name: "Name of the secret to be created" |   name: "Name of the secret to be created" | ||||||
|   namespace: "Namespace of the secret to be created" |   namespace: "Namespace of the secret to be created" | ||||||
| @@ -55,8 +61,8 @@ The ID can be extracted from the browser when you open a item the ID is in the U | |||||||
| ```yaml | ```yaml | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| data: | data: | ||||||
|   password: "base64 encoded password" |   nameOfTheKeyInTheSecretToBeCreated: "base64 encoded value of TheFieldInBitwarden" | ||||||
|   username: "base64 encoded username" |   nameOfAnotherKeyInTheSecretToBeCreated: "base64 encoded value of AnotherFieldInBitwarden" | ||||||
| kind: Secret | kind: Secret | ||||||
| metadata: | metadata: | ||||||
|   annotations: |   annotations: | ||||||
| @@ -73,4 +79,4 @@ type: Opaque | |||||||
| [] offer option to use a existing secret in helm chart   | [] offer option to use a existing secret in helm chart   | ||||||
| [] host chart on gh pages   | [] host chart on gh pages   | ||||||
| [] write release pipeline   | [] write release pipeline   | ||||||
| [] maybe extend spec to offer modification of keys as well | [x] maybe extend spec to offer modification of keys as well | ||||||
|   | |||||||
| @@ -6,6 +6,8 @@ import os | |||||||
| import subprocess | import subprocess | ||||||
| import json | import json | ||||||
|  |  | ||||||
|  | from pprint import pprint | ||||||
|  |  | ||||||
| def get_secret_from_bitwarden(logger, id): | def get_secret_from_bitwarden(logger, id): | ||||||
|     return command_wrapper(logger, f"get item {id}") |     return command_wrapper(logger, f"get item {id}") | ||||||
|  |  | ||||||
| @@ -33,9 +35,9 @@ def bitwarden_signin(logger, **kwargs): | |||||||
|     unlock_bw(logger) |     unlock_bw(logger) | ||||||
|  |  | ||||||
| @kopf.on.create('bitwarden-secrets.lerentis.uploadfilter24.eu') | @kopf.on.create('bitwarden-secrets.lerentis.uploadfilter24.eu') | ||||||
| def create_fn(spec, name, namespace, logger, **kwargs): | def create_managed_secret(spec, name, namespace, logger, body, **kwargs): | ||||||
|  |  | ||||||
|     type = spec.get('type') |     content_def = body['spec']['content'] | ||||||
|     id = spec.get('id') |     id = spec.get('id') | ||||||
|     secret_name = spec.get('name') |     secret_name = spec.get('name') | ||||||
|     secret_namespace = spec.get('namespace') |     secret_namespace = spec.get('namespace') | ||||||
| @@ -53,10 +55,16 @@ def create_fn(spec, name, namespace, logger, **kwargs): | |||||||
|     secret = kubernetes.client.V1Secret() |     secret = kubernetes.client.V1Secret() | ||||||
|     secret.metadata = kubernetes.client.V1ObjectMeta(name=secret_name, annotations=annotations) |     secret.metadata = kubernetes.client.V1ObjectMeta(name=secret_name, annotations=annotations) | ||||||
|     secret.type = "Opaque" |     secret.type = "Opaque" | ||||||
|     secret.data = { |     secret.data = {} | ||||||
|             'username': str(base64.b64encode(secret_json_object["login"]["username"].encode("utf-8")), "utf-8"), |     for eleml in content_def: | ||||||
|             'password': str(base64.b64encode(secret_json_object["login"]["password"].encode("utf-8")), "utf-8") |         for k, elem in eleml.items(): | ||||||
|         } |             for key,value in elem.items(): | ||||||
|  |                 if key == "secretName": | ||||||
|  |                     _secret_key = value | ||||||
|  |                 if key == "secretRef": | ||||||
|  |                     _secret_ref = value | ||||||
|  |              | ||||||
|  |             secret.data[_secret_ref] = str(base64.b64encode(secret_json_object["login"][_secret_key].encode("utf-8")), "utf-8") | ||||||
|  |  | ||||||
|     obj = api.create_namespaced_secret( |     obj = api.create_namespaced_secret( | ||||||
|         secret_namespace, secret |         secret_namespace, secret | ||||||
| @@ -70,5 +78,13 @@ def my_handler(spec, old, new, diff, **_): | |||||||
|     pass |     pass | ||||||
|  |  | ||||||
| @kopf.on.delete('bitwarden-secrets.lerentis.uploadfilter24.eu') | @kopf.on.delete('bitwarden-secrets.lerentis.uploadfilter24.eu') | ||||||
| def my_handler(spec, name, namespace, logger, **kwargs): | def delete_managed_secret(spec, name, namespace, logger, **kwargs): | ||||||
|     pass |     secret_name = spec.get('name') | ||||||
|  |     secret_namespace = spec.get('namespace') | ||||||
|  |     api = kubernetes.client.CoreV1Api() | ||||||
|  |  | ||||||
|  |     try: | ||||||
|  |         api.delete_namespaced_secret(secret_name, secret_namespace) | ||||||
|  |         logger.info(f"Secret {secret_namespace}/{secret_name} has been deleted") | ||||||
|  |     except: | ||||||
|  |         logger.warn(f"Could not delete secret {secret_namespace}/{secret_name}!") | ||||||
|   | |||||||
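Review bot: `delete_managed_secret` deletes `spec.namespace/spec.name` without checking that the Secret was created by this operator, so removing a BitwardenSecret whose `name`/`namespace` point at a pre-existing, unrelated Secret (the create call would have failed with a conflict, but the CR can still be deleted) takes that Secret with it; the create handler attaches `annotations` to the Secret's metadata in the earlier hunk, so the delete path should read the Secret first and refuse unless that marker is present. The bare `except:` also hides whether the call failed with 403, 404 or a connection error, and `logger.warn` is the deprecated alias of `logger.warning`. Narrowing to `ApiException` (exported from `kubernetes.client.exceptions` or `kubernetes.client.rest` depending on client version) and treating 404 as already-gone keeps the best-effort behaviour without masking real failures.
```python
    api = kubernetes.client.CoreV1Api()
    try:
        existing = api.read_namespaced_secret(secret_name, secret_namespace)
    except kubernetes.client.exceptions.ApiException as e:
        if e.status == 404:
            logger.info(f"Secret {secret_namespace}/{secret_name} is already gone")
            return
        raise
    # Only delete what this operator created: check for the annotation written
    # by create_managed_secret (tighten this to the exact key used there).
    if not (existing.metadata.annotations or {}):
        logger.warning(f"Secret {secret_namespace}/{secret_name} is not managed by this operator, refusing to delete")
        return
    try:
        api.delete_namespaced_secret(secret_name, secret_namespace)
        logger.info(f"Secret {secret_namespace}/{secret_name} has been deleted")
    except kubernetes.client.exceptions.ApiException as e:
        logger.warning(f"Could not delete secret {secret_namespace}/{secret_name}: {e.status} {e.reason}")
```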
| @@ -12,7 +12,7 @@ spec: | |||||||
|     shortNames: |     shortNames: | ||||||
|       - bws |       - bws | ||||||
|   versions: |   versions: | ||||||
|     - name: v1beta1 |     - name: v1beta2 | ||||||
|       served: true |       served: true | ||||||
|       storage: true |       storage: true | ||||||
|       schema: |       schema: | ||||||
| @@ -22,12 +22,27 @@ spec: | |||||||
|             spec: |             spec: | ||||||
|               type: object |               type: object | ||||||
|               properties: |               properties: | ||||||
|                 type: |                 content: | ||||||
|  |                   type: array | ||||||
|  |                   items: | ||||||
|  |                     type: object | ||||||
|  |                     properties: | ||||||
|  |                       element: | ||||||
|  |                         type: object | ||||||
|  |                         properties: | ||||||
|  |                           secretName: | ||||||
|                             type: string |                             type: string | ||||||
|  |                           secretRef: | ||||||
|  |                             type: string | ||||||
|  |                         required: | ||||||
|  |                           - secretName | ||||||
|                 id: |                 id: | ||||||
|                   type: string |                   type: string | ||||||
|                 namespace: |                 namespace: | ||||||
|                   type: string |                   type: string | ||||||
|                 name: |                 name: | ||||||
|                   type: string |                   type: string | ||||||
|  |               required: | ||||||
|  |                 - id | ||||||
|  |                 - namespace | ||||||
|  |                 - name | ||||||
|   | |||||||
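Review bot: The schema leaves `content` optional at the spec level and `secretRef` optional inside `element`, while the handler in this same commit reads `body['spec']['content']` and writes `secret.data[_secret_ref]`, so a BitwardenSecret without `content` crashes the create handler with a KeyError, and an element without `secretRef` either raises an unbound-local error (first element) or silently reuses the previous element's key and overwrites its value. Add `- content` to the top-level `required` list and `- secretRef` next to `- secretName`, and consider `pattern: '^[-._a-zA-Z0-9]+$'` on `secretRef` so the API server rejects keys that Kubernetes would not accept in `Secret.data` before the operator attempts the create. Replacing `v1beta1` outright with `v1beta2` as the only served and storage version will, if any objects are already stored as v1beta1, make the API server reject the CRD update until those objects are migrated; that depends on cluster state not visible here, but keeping v1beta1 served alongside v1beta2 during the transition avoids it.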
								example.yaml
							| @@ -1,10 +1,16 @@ | |||||||
| --- | --- | ||||||
| apiVersion: "lerentis.uploadfilter24.eu/v1beta1" | apiVersion: "lerentis.uploadfilter24.eu/v1beta2" | ||||||
| kind: BitwardenSecret | kind: BitwardenSecret | ||||||
| metadata: | metadata: | ||||||
|   name: test |   name: test | ||||||
| spec: | spec: | ||||||
|   type: "password" |   content: | ||||||
|   id: "123456" |     - element: | ||||||
|  |         secretName: username | ||||||
|  |         secretRef: nameofUser  | ||||||
|  |     - element: | ||||||
|  |         secretName: password | ||||||
|  |         secretRef: passwordOfUser  | ||||||
|  |   id: "88781348-c81c-4367-9801-550360c21295" | ||||||
|   name: "test-secret" |   name: "test-secret" | ||||||
|   namespace: "default" |   namespace: "default" | ||||||