free-key-value-definition #1
16
README.md
16
README.md
@ -39,12 +39,18 @@ And you are set to create your first secret using this operator. For that you ne
|
|||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
---
|
---
|
||||||
apiVersion: "lerentis.uploadfilter24.eu/v1beta1"
|
apiVersion: "lerentis.uploadfilter24.eu/v1beta2"
|
||||||
kind: BitwardenSecret
|
kind: BitwardenSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: name-of-your-management-object
|
name: name-of-your-management-object
|
||||||
spec:
|
spec:
|
||||||
type: "UsernamePassword"
|
content:
|
||||||
|
- element:
|
||||||
|
secretName: nameOfTheFieldInBitwarden # for example username
|
||||||
|
secretRef: nameOfTheKeyInTheSecretToBeCreated
|
||||||
|
- element:
|
||||||
|
secretName: nameOfAnotherFieldInBitwarden # for example password
|
||||||
|
secretRef: nameOfAnotherKeyInTheSecretToBeCreated
|
||||||
id: "A Secret ID from bitwarden"
|
id: "A Secret ID from bitwarden"
|
||||||
name: "Name of the secret to be created"
|
name: "Name of the secret to be created"
|
||||||
namespace: "Namespace of the secret to be created"
|
namespace: "Namespace of the secret to be created"
|
||||||
@ -55,8 +61,8 @@ The ID can be extracted from the browser when you open a item the ID is in the U
|
|||||||
```yaml
|
```yaml
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
data:
|
data:
|
||||||
password: "base64 encoded password"
|
nameOfTheKeyInTheSecretToBeCreated: "base64 encoded value of TheFieldInBitwarden"
|
||||||
username: "base64 encoded username"
|
nameOfAnotherKeyInTheSecretToBeCreated: "base64 encoded value of AnotherFieldInBitwarden"
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
@ -73,4 +79,4 @@ type: Opaque
|
|||||||
[] offer option to use a existing secret in helm chart
|
[] offer option to use a existing secret in helm chart
|
||||||
[] host chart on gh pages
|
[] host chart on gh pages
|
||||||
[] write release pipeline
|
[] write release pipeline
|
||||||
[] maybe extend spec to offer modification of keys as well
|
[x] maybe extend spec to offer modification of keys as well
|
||||||
|
@ -6,6 +6,8 @@ import os
|
|||||||
import subprocess
|
import subprocess
|
||||||
import json
|
import json
|
||||||
|
|
||||||
|
from pprint import pprint
|
||||||
|
|
||||||
def get_secret_from_bitwarden(logger, id):
|
def get_secret_from_bitwarden(logger, id):
|
||||||
return command_wrapper(logger, f"get item {id}")
|
return command_wrapper(logger, f"get item {id}")
|
||||||
|
|
||||||
@ -33,9 +35,9 @@ def bitwarden_signin(logger, **kwargs):
|
|||||||
unlock_bw(logger)
|
unlock_bw(logger)
|
||||||
|
|
||||||
@kopf.on.create('bitwarden-secrets.lerentis.uploadfilter24.eu')
|
@kopf.on.create('bitwarden-secrets.lerentis.uploadfilter24.eu')
|
||||||
def create_fn(spec, name, namespace, logger, **kwargs):
|
def create_managed_secret(spec, name, namespace, logger, body, **kwargs):
|
||||||
|
|
||||||
type = spec.get('type')
|
content_def = body['spec']['content']
|
||||||
id = spec.get('id')
|
id = spec.get('id')
|
||||||
secret_name = spec.get('name')
|
secret_name = spec.get('name')
|
||||||
secret_namespace = spec.get('namespace')
|
secret_namespace = spec.get('namespace')
|
||||||
@ -53,10 +55,16 @@ def create_fn(spec, name, namespace, logger, **kwargs):
|
|||||||
secret = kubernetes.client.V1Secret()
|
secret = kubernetes.client.V1Secret()
|
||||||
secret.metadata = kubernetes.client.V1ObjectMeta(name=secret_name, annotations=annotations)
|
secret.metadata = kubernetes.client.V1ObjectMeta(name=secret_name, annotations=annotations)
|
||||||
secret.type = "Opaque"
|
secret.type = "Opaque"
|
||||||
secret.data = {
|
secret.data = {}
|
||||||
'username': str(base64.b64encode(secret_json_object["login"]["username"].encode("utf-8")), "utf-8"),
|
for eleml in content_def:
|
||||||
'password': str(base64.b64encode(secret_json_object["login"]["password"].encode("utf-8")), "utf-8")
|
for k, elem in eleml.items():
|
||||||
}
|
for key,value in elem.items():
|
||||||
|
if key == "secretName":
|
||||||
|
_secret_key = value
|
||||||
|
if key == "secretRef":
|
||||||
|
_secret_ref = value
|
||||||
|
|
||||||
|
secret.data[_secret_ref] = str(base64.b64encode(secret_json_object["login"][_secret_key].encode("utf-8")), "utf-8")
|
||||||
|
|
||||||
obj = api.create_namespaced_secret(
|
obj = api.create_namespaced_secret(
|
||||||
secret_namespace, secret
|
secret_namespace, secret
|
||||||
@ -70,5 +78,13 @@ def my_handler(spec, old, new, diff, **_):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
@kopf.on.delete('bitwarden-secrets.lerentis.uploadfilter24.eu')
|
@kopf.on.delete('bitwarden-secrets.lerentis.uploadfilter24.eu')
|
||||||
def my_handler(spec, name, namespace, logger, **kwargs):
|
def delete_managed_secret(spec, name, namespace, logger, **kwargs):
|
||||||
pass
|
secret_name = spec.get('name')
|
||||||
|
secret_namespace = spec.get('namespace')
|
||||||
|
api = kubernetes.client.CoreV1Api()
|
||||||
|
|
||||||
|
try:
|
||||||
|
api.delete_namespaced_secret(secret_name, secret_namespace)
|
||||||
|
logger.info(f"Secret {secret_namespace}/{secret_name} has been deleted")
|
||||||
|
except:
|
||||||
|
logger.warn(f"Could not delete secret {secret_namespace}/{secret_name}!")
|
||||||
|
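Review bot: In the new loop in create_managed_secret, `_secret_ref` is only assigned when an element carries `secretRef`, yet the CRD in this same change lists only `secretName` as required; an element without `secretRef` raises UnboundLocalError on the first element and, on any later one, silently reuses the previous element's key and overwrites that entry in the Secret with a different value. A `secretName` that is not a field under `login` (or whose value is `None`) likewise escapes as a raw KeyError/AttributeError rather than a handler error, leaving the object with no Secret and no clear status, so I would bind both names per element and fail with `kopf.PermanentError` so kopf stops retrying a misconfigured object; sketch below. The bare `except:` in delete_managed_secret should be narrowed to `kubernetes.client.exceptions.ApiException` with `logger.exception(...)` — as written it swallows everything, and a Secret holding credentials can be left behind with only a warning. The newly added `from pprint import pprint` looks unused in the visible hunks; if it is used to dump the Bitwarden item JSON anywhere, that puts the credentials into the operator log, so it should be removed or kept away from secret material.
```python
    secret.data = {}
    for item in content_def:
        element = item.get("element") or {}
        field = element.get("secretName")
        key = element.get("secretRef")
        if not field or not key:
            raise kopf.PermanentError(f"content element needs secretName and secretRef: {element}")
        value = secret_json_object["login"].get(field)
        if value is None:
            raise kopf.PermanentError(f"field {field!r} not found in Bitwarden item {id}")
        secret.data[key] = str(base64.b64encode(value.encode("utf-8")), "utf-8")
    # … unchanged: create_namespaced_secret call …
```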
@ -12,7 +12,7 @@ spec:
|
|||||||
shortNames:
|
shortNames:
|
||||||
- bws
|
- bws
|
||||||
versions:
|
versions:
|
||||||
- name: v1beta1
|
- name: v1beta2
|
||||||
served: true
|
served: true
|
||||||
storage: true
|
storage: true
|
||||||
schema:
|
schema:
|
||||||
@ -22,12 +22,27 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
type: object
|
type: object
|
||||||
properties:
|
properties:
|
||||||
type:
|
content:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
element:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
secretName:
|
||||||
type: string
|
type: string
|
||||||
|
secretRef:
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- secretName
|
||||||
id:
|
id:
|
||||||
type: string
|
type: string
|
||||||
namespace:
|
namespace:
|
||||||
type: string
|
type: string
|
||||||
name:
|
name:
|
||||||
type: string
|
type: string
|
||||||
|
required:
|
||||||
|
- id
|
||||||
|
- namespace
|
||||||
|
- name
|
||||||
|
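Review bot: The element schema puts only `secretName` under `required`, but the operator code in this same change reads `secretRef` for every element, so the API server will admit objects the handler cannot process; add `- secretRef` to that `required` list (or document a default) so malformed objects are rejected at admission instead of at reconcile time. The `content` array also accepts zero items, which would produce an empty Secret; `minItems: 1` on it would catch that. Separately, this hunk swaps the only served and storage version from v1beta1 to v1beta2 outright; if any BitwardenSecret objects were already stored as v1beta1, the apiserver will refuse the CRD update until `status.storedVersions` is migrated, so keeping v1beta1 served with `storage: false` during the transition is the safer path — worth confirming whether existing installs matter here.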
12
example.yaml
12
example.yaml
@ -1,10 +1,16 @@
|
|||||||
---
|
---
|
||||||
apiVersion: "lerentis.uploadfilter24.eu/v1beta1"
|
apiVersion: "lerentis.uploadfilter24.eu/v1beta2"
|
||||||
kind: BitwardenSecret
|
kind: BitwardenSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: test
|
name: test
|
||||||
spec:
|
spec:
|
||||||
type: "password"
|
content:
|
||||||
id: "123456"
|
- element:
|
||||||
|
secretName: username
|
||||||
|
secretRef: nameofUser
|
||||||
|
- element:
|
||||||
|
secretName: password
|
||||||
|
secretRef: passwordOfUser
|
||||||
|
id: "88781348-c81c-4367-9801-550360c21295"
|
||||||
name: "test-secret"
|
name: "test-secret"
|
||||||
namespace: "default"
|
namespace: "default"
|