free-key-value-definition #1

Merged
lerentis merged 3 commits from feature/free-key-value-definition into main 2022-10-03 14:00:12 +00:00
4 changed files with 63 additions and 20 deletions


@ -39,12 +39,18 @@ And you are set to create your first secret using this operator. For that you ne
```yaml ```yaml
--- ---
apiVersion: "lerentis.uploadfilter24.eu/v1beta1" apiVersion: "lerentis.uploadfilter24.eu/v1beta2"
kind: BitwardenSecret kind: BitwardenSecret
metadata: metadata:
name: name-of-your-management-object name: name-of-your-management-object
spec: spec:
type: "UsernamePassword" content:
- element:
secretName: nameOfTheFieldInBitwarden # for example username
secretRef: nameOfTheKeyInTheSecretToBeCreated
- element:
secretName: nameOfAnotherFieldInBitwarden # for example password
secretRef: nameOfAnotherKeyInTheSecretToBeCreated
id: "A Secret ID from bitwarden" id: "A Secret ID from bitwarden"
name: "Name of the secret to be created" name: "Name of the secret to be created"
namespace: "Namespace of the secret to be created" namespace: "Namespace of the secret to be created"
@ -55,8 +61,8 @@ The ID can be extracted from the browser when you open a item the ID is in the U
```yaml ```yaml
apiVersion: v1 apiVersion: v1
data: data:
password: "base64 encoded password" nameOfTheKeyInTheSecretToBeCreated: "base64 encoded value of TheFieldInBitwarden"
username: "base64 encoded username" nameOfAnotherKeyInTheSecretToBeCreated: "base64 encoded value of AnotherFieldInBitwarden"
kind: Secret kind: Secret
metadata: metadata:
annotations: annotations:
@ -73,4 +79,4 @@ type: Opaque
[] offer option to use a existing secret in helm chart [] offer option to use a existing secret in helm chart
[] host chart on gh pages [] host chart on gh pages
[] write release pipeline [] write release pipeline
[] maybe extend spec to offer modification of keys as well [x] maybe extend spec to offer modification of keys as well


@ -6,6 +6,8 @@ import os
import subprocess import subprocess
import json import json
from pprint import pprint
def get_secret_from_bitwarden(logger, id): def get_secret_from_bitwarden(logger, id):
return command_wrapper(logger, f"get item {id}") return command_wrapper(logger, f"get item {id}")
@ -33,9 +35,9 @@ def bitwarden_signin(logger, **kwargs):
unlock_bw(logger) unlock_bw(logger)
@kopf.on.create('bitwarden-secrets.lerentis.uploadfilter24.eu') @kopf.on.create('bitwarden-secrets.lerentis.uploadfilter24.eu')
def create_fn(spec, name, namespace, logger, **kwargs): def create_managed_secret(spec, name, namespace, logger, body, **kwargs):
type = spec.get('type') content_def = body['spec']['content']
id = spec.get('id') id = spec.get('id')
secret_name = spec.get('name') secret_name = spec.get('name')
secret_namespace = spec.get('namespace') secret_namespace = spec.get('namespace')
@ -53,10 +55,16 @@ def create_fn(spec, name, namespace, logger, **kwargs):
secret = kubernetes.client.V1Secret() secret = kubernetes.client.V1Secret()
secret.metadata = kubernetes.client.V1ObjectMeta(name=secret_name, annotations=annotations) secret.metadata = kubernetes.client.V1ObjectMeta(name=secret_name, annotations=annotations)
secret.type = "Opaque" secret.type = "Opaque"
secret.data = { secret.data = {}
'username': str(base64.b64encode(secret_json_object["login"]["username"].encode("utf-8")), "utf-8"), for eleml in content_def:
'password': str(base64.b64encode(secret_json_object["login"]["password"].encode("utf-8")), "utf-8") for k, elem in eleml.items():
} for key,value in elem.items():
if key == "secretName":
_secret_key = value
if key == "secretRef":
_secret_ref = value
secret.data[_secret_ref] = str(base64.b64encode(secret_json_object["login"][_secret_key].encode("utf-8")), "utf-8")
obj = api.create_namespaced_secret( obj = api.create_namespaced_secret(
secret_namespace, secret secret_namespace, secret
@ -70,5 +78,13 @@ def my_handler(spec, old, new, diff, **_):
pass pass
@kopf.on.delete('bitwarden-secrets.lerentis.uploadfilter24.eu') @kopf.on.delete('bitwarden-secrets.lerentis.uploadfilter24.eu')
def my_handler(spec, name, namespace, logger, **kwargs): def delete_managed_secret(spec, name, namespace, logger, **kwargs):
pass secret_name = spec.get('name')
secret_namespace = spec.get('namespace')
api = kubernetes.client.CoreV1Api()
try:
api.delete_namespaced_secret(secret_name, secret_namespace)
logger.info(f"Secret {secret_namespace}/{secret_name} has been deleted")
except:
logger.warn(f"Could not delete secret {secret_namespace}/{secret_name}!")
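Review bot: In the content loop of create_managed_secret, `_secret_ref` and `_secret_key` are carried over from the previous element when an entry omits one of the keys (and are unbound on the very first entry), so a malformed element either silently overwrites another key's value with a different Bitwarden field or fails with a NameError instead of a clear error; the CRD in this same merge only requires `secretName`, so that path is reachable from a valid-looking object. Reading both keys per element and failing the handler explicitly when one is missing keeps an invalid spec from producing a wrong Secret, and `secret_json_object["login"][_secret_key]` will also raise KeyError for a field that is not under `login`, which presumably deserves the same explicit report. In the delete hunk the bare `except:` should be narrowed, e.g. `except kubernetes.client.exceptions.ApiException as e:`, and `logger.warn` is the deprecated alias of `logger.warning`. create_managed_secret's body starts before this hunk and continues after it.
```python
secret.data = {}
for eleml in content_def:
    for _, elem in eleml.items():
        _secret_key = elem.get("secretName")
        _secret_ref = elem.get("secretRef")
        if not _secret_key or not _secret_ref:
            # only field *names* are reported here, never the fetched values
            raise kopf.PermanentError(f"content element needs both secretName and secretRef: {elem}")
        if _secret_key not in secret_json_object["login"]:
            raise kopf.PermanentError(f"field {_secret_key} not found under login of item {id}")
        secret.data[_secret_ref] = str(base64.b64encode(secret_json_object["login"][_secret_key].encode("utf-8")), "utf-8")
# … unchanged: api.create_namespaced_secret call …
```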


@ -12,7 +12,7 @@ spec:
shortNames: shortNames:
- bws - bws
versions: versions:
- name: v1beta1 - name: v1beta2
served: true served: true
storage: true storage: true
schema: schema:
@ -22,12 +22,27 @@ spec:
spec: spec:
type: object type: object
properties: properties:
type: content:
type: array
items:
type: object
properties:
element:
type: object
properties:
secretName:
type: string type: string
secretRef:
type: string
required:
- secretName
id: id:
type: string type: string
namespace: namespace:
type: string type: string
name: name:
type: string type: string
required:
- id
- namespace
- name
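Review bot: The `required` list under `element` names only `secretName`, but the handler in this same merge uses `secretRef` as the key of the created Secret, so an element without `secretRef` is accepted by the API server and only fails (or misbehaves) inside the operator; add `- secretRef` to that list. `content` is likewise missing from the spec-level `required` list next to `id`, `namespace` and `name`, while the handler reads `body['spec']['content']` unconditionally. Adding `minItems: 1` on the `content` array would also reject an empty list at admission time rather than producing an empty Secret.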


@ -1,10 +1,16 @@
--- ---
apiVersion: "lerentis.uploadfilter24.eu/v1beta1" apiVersion: "lerentis.uploadfilter24.eu/v1beta2"
kind: BitwardenSecret kind: BitwardenSecret
metadata: metadata:
name: test name: test
spec: spec:
type: "password" content:
id: "123456" - element:
secretName: username
secretRef: nameofUser
- element:
secretName: password
secretRef: passwordOfUser
id: "88781348-c81c-4367-9801-550360c21295"
name: "test-secret" name: "test-secret"
namespace: "default" namespace: "default"