Refactoring map of updated secrets to include secret

This commit is contained in:
jillianwilson
2021-02-26 10:45:30 -04:00
parent 10b7db3057
commit 0824aa0837
11 changed files with 47 additions and 37 deletions


@@ -2,5 +2,6 @@ apiVersion: onepassword.com/v1
kind: OnePasswordItem kind: OnePasswordItem
metadata: metadata:
name: example name: example
onepasswordoperator/auto_restart: "true"
spec: spec:
itemPath: "vaults/<vault_id>/items/<item_id>" itemPath: "vaults/<vault_id>/items/<item_id>"
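Review bot: As rendered, `onepasswordoperator/auto_restart: "true"` sits directly under `metadata:` rather than inside an `annotations:` map; indentation is lost in this view, so this may only be the rendering, but if the key really is a top-level metadata field the API server will reject the sample CR as an unknown field. If it is meant as an annotation the example should read `annotations:` followed by the indented key. The sample should also say what the value does — it looks like an opt-in for the operator restarting workloads when the item changes, which should be confirmed against the operator code and stated in a comment above the key.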


@@ -142,7 +142,7 @@ func (r *ReconcileDeployment) cleanupKubernetesSecretForDeployment(secretName st
if len(secretName) == 0 { if len(secretName) == 0 {
return nil return nil
} }
updatedSecrets := map[string]bool{secretName: true} updatedSecrets := map[string]*corev1.Secret{secretName: kubernetesSecret}
multipleDeploymentsUsingSecret, err := r.areMultipleDeploymentsUsingSecret(updatedSecrets, *deletedDeployment) multipleDeploymentsUsingSecret, err := r.areMultipleDeploymentsUsingSecret(updatedSecrets, *deletedDeployment)
if err != nil { if err != nil {
@@ -160,7 +160,7 @@ func (r *ReconcileDeployment) cleanupKubernetesSecretForDeployment(secretName st
return nil return nil
} }
func (r *ReconcileDeployment) areMultipleDeploymentsUsingSecret(updatedSecrets map[string]bool, deletedDeployment appsv1.Deployment) (bool, error) { func (r *ReconcileDeployment) areMultipleDeploymentsUsingSecret(updatedSecrets map[string]*corev1.Secret, deletedDeployment appsv1.Deployment) (bool, error) {
deployments := &appsv1.DeploymentList{} deployments := &appsv1.DeploymentList{}
opts := []client.ListOption{ opts := []client.ListOption{
client.InNamespace(deletedDeployment.Namespace), client.InNamespace(deletedDeployment.Namespace),


@@ -4,6 +4,7 @@ import (
"regexp" "regexp"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
) )
const ( const (
@@ -42,7 +43,7 @@ func FilterAnnotations(annotations map[string]string, regex *regexp.Regexp) map[
return filteredAnnotations return filteredAnnotations
} }
func AreAnnotationsUsingSecrets(annotations map[string]string, secrets map[string]bool) bool { func AreAnnotationsUsingSecrets(annotations map[string]string, secrets map[string]*corev1.Secret) bool {
_, ok := secrets[annotations[NameAnnotation]] _, ok := secrets[annotations[NameAnnotation]]
if ok { if ok {
return true return true


@@ -2,7 +2,7 @@ package onepassword
import corev1 "k8s.io/api/core/v1" import corev1 "k8s.io/api/core/v1"
func AreContainersUsingSecrets(containers []corev1.Container, secrets map[string]bool) bool { func AreContainersUsingSecrets(containers []corev1.Container, secrets map[string]*corev1.Secret) bool {
for i := 0; i < len(containers); i++ { for i := 0; i < len(containers); i++ {
envVariables := containers[i].Env envVariables := containers[i].Env
for j := 0; j < len(envVariables); j++ { for j := 0; j < len(envVariables); j++ {
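Review bot: Only `containers[i].Env` is walked here, so a container that consumes the Secret through `EnvFrom[].SecretRef` would not count as using it and its Deployment would not be restarted on rotation, leaving it running with the stale credential; the loop body continues past the hunk, so this may be handled further down — if not, add a pass over `containers[i].EnvFrom` that checks `ef.SecretRef != nil` and looks up `ef.SecretRef.Name` in `secrets`. Since the map now carries `*corev1.Secret` values, a doc comment should also state that only key membership is consulted, e.g. `// AreContainersUsingSecrets reports whether any container references a Secret named in secrets (map values are not read; only the keys matter).`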


@@ -2,12 +2,14 @@ package onepassword
import ( import (
"testing" "testing"
corev1 "k8s.io/api/core/v1"
) )
func TestAreContainersUsingSecrets(t *testing.T) { func TestAreContainersUsingSecrets(t *testing.T) {
secretNamesToSearch := map[string]bool{ secretNamesToSearch := map[string]*corev1.Secret{
"onepassword-database-secret": true, "onepassword-database-secret": &corev1.Secret{},
"onepassword-api-key": true, "onepassword-api-key": &corev1.Secret{},
} }
containerSecretNames := []string{ containerSecretNames := []string{
@@ -24,9 +26,9 @@ func TestAreContainersUsingSecrets(t *testing.T) {
} }
func TestAreContainersNotUsingSecrets(t *testing.T) { func TestAreContainersNotUsingSecrets(t *testing.T) {
secretNamesToSearch := map[string]bool{ secretNamesToSearch := map[string]*corev1.Secret{
"onepassword-database-secret": true, "onepassword-database-secret": &corev1.Secret{},
"onepassword-api-key": true, "onepassword-api-key": &corev1.Secret{},
} }
containerSecretNames := []string{ containerSecretNames := []string{
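Review bot: The new literals spell the element type out, `"onepassword-database-secret": &corev1.Secret{}`, which `gofmt -s` reduces to `"onepassword-database-secret": {}` because the map's element type is already `*corev1.Secret`; running the simplifier keeps the test fixtures shorter and consistent with the rest of the repo if it is gofmt-clean. The same applies to the other test files in this commit.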


@@ -1,8 +1,11 @@
package onepassword package onepassword
import appsv1 "k8s.io/api/apps/v1" import (
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
)
func IsDeploymentUsingSecrets(deployment *appsv1.Deployment, secrets map[string]bool) bool { func IsDeploymentUsingSecrets(deployment *appsv1.Deployment, secrets map[string]*corev1.Secret) bool {
volumes := deployment.Spec.Template.Spec.Volumes volumes := deployment.Spec.Template.Spec.Volumes
containers := deployment.Spec.Template.Spec.Containers containers := deployment.Spec.Template.Spec.Containers
containers = append(containers, deployment.Spec.Template.Spec.InitContainers...) containers = append(containers, deployment.Spec.Template.Spec.InitContainers...)
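Review bot: `containers = append(containers, deployment.Spec.Template.Spec.InitContainers...)` appends to a slice that aliases `deployment.Spec.Template.Spec.Containers`; whenever that slice has spare capacity the init containers are written into the Deployment's own backing array, a surprising side effect for a read-only predicate on an object the caller still owns. Build a fresh slice instead: `spec := deployment.Spec.Template.Spec`, `containers := make([]corev1.Container, 0, len(spec.Containers)+len(spec.InitContainers))`, `containers = append(append(containers, spec.Containers...), spec.InitContainers...)`. The function body continues past the hunk.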


@@ -4,12 +4,13 @@ import (
"testing" "testing"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
) )
func TestIsDeploymentUsingSecretsUsingVolumes(t *testing.T) { func TestIsDeploymentUsingSecretsUsingVolumes(t *testing.T) {
secretNamesToSearch := map[string]bool{ secretNamesToSearch := map[string]*corev1.Secret{
"onepassword-database-secret": true, "onepassword-database-secret": &corev1.Secret{},
"onepassword-api-key": true, "onepassword-api-key": &corev1.Secret{},
} }
volumeSecretNames := []string{ volumeSecretNames := []string{
@@ -26,9 +27,9 @@ func TestIsDeploymentUsingSecretsUsingVolumes(t *testing.T) {
} }
func TestIsDeploymentUsingSecretsUsingContainers(t *testing.T) { func TestIsDeploymentUsingSecretsUsingContainers(t *testing.T) {
secretNamesToSearch := map[string]bool{ secretNamesToSearch := map[string]*corev1.Secret{
"onepassword-database-secret": true, "onepassword-database-secret": &corev1.Secret{},
"onepassword-api-key": true, "onepassword-api-key": &corev1.Secret{},
} }
containerSecretNames := []string{ containerSecretNames := []string{
@@ -45,9 +46,9 @@ func TestIsDeploymentUsingSecretsUsingContainers(t *testing.T) {
} }
func TestIsDeploymentNotUSingSecrets(t *testing.T) { func TestIsDeploymentNotUSingSecrets(t *testing.T) {
secretNamesToSearch := map[string]bool{ secretNamesToSearch := map[string]*corev1.Secret{
"onepassword-database-secret": true, "onepassword-database-secret": &corev1.Secret{},
"onepassword-api-key": true, "onepassword-api-key": &corev1.Secret{},
} }
deployment := &appsv1.Deployment{} deployment := &appsv1.Deployment{}


@@ -45,7 +45,7 @@ func (h *SecretUpdateHandler) UpdateKubernetesSecretsTask() error {
return h.restartDeploymentsWithUpdatedSecrets(updatedKubernetesSecrets) return h.restartDeploymentsWithUpdatedSecrets(updatedKubernetesSecrets)
} }
func (h *SecretUpdateHandler) restartDeploymentsWithUpdatedSecrets(updatedSecretsByNamespace map[string]map[string]bool) error { func (h *SecretUpdateHandler) restartDeploymentsWithUpdatedSecrets(updatedSecretsByNamespace map[string]map[string]*corev1.Secret) error {
// No secrets to update. Exit // No secrets to update. Exit
if len(updatedSecretsByNamespace) == 0 || updatedSecretsByNamespace == nil { if len(updatedSecretsByNamespace) == 0 || updatedSecretsByNamespace == nil {
return nil return nil
@@ -94,7 +94,7 @@ func (h *SecretUpdateHandler) restartDeployment(deployment *appsv1.Deployment) {
} }
} }
func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]bool, error) { func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]*corev1.Secret, error) {
secrets := &corev1.SecretList{} secrets := &corev1.SecretList{}
err := h.client.List(context.Background(), secrets) err := h.client.List(context.Background(), secrets)
if err != nil { if err != nil {
@@ -102,7 +102,7 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]b
return nil, err return nil, err
} }
updatedSecrets := map[string]map[string]bool{} updatedSecrets := map[string]map[string]*corev1.Secret{}
for i := 0; i < len(secrets.Items); i++ { for i := 0; i < len(secrets.Items); i++ {
secret := secrets.Items[i] secret := secrets.Items[i]
@@ -130,9 +130,9 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]b
updatedSecret := kubeSecrets.BuildKubernetesSecretFromOnePasswordItem(secret.Name, secret.Namespace, secret.Annotations, *item) updatedSecret := kubeSecrets.BuildKubernetesSecretFromOnePasswordItem(secret.Name, secret.Namespace, secret.Annotations, *item)
h.client.Update(context.Background(), updatedSecret) h.client.Update(context.Background(), updatedSecret)
if updatedSecrets[secret.Namespace] == nil { if updatedSecrets[secret.Namespace] == nil {
updatedSecrets[secret.Namespace] = make(map[string]bool) updatedSecrets[secret.Namespace] = make(map[string]*corev1.Secret)
} }
updatedSecrets[secret.Namespace][secret.Name] = true updatedSecrets[secret.Namespace][secret.Name] = &secret
} }
} }
return updatedSecrets, nil return updatedSecrets, nil
@@ -148,7 +148,7 @@ func isItemLockedForForcedRestarts(item *onepassword.Item) bool {
return false return false
} }
func isUpdatedSecret(secretName string, updatedSecrets map[string]bool) bool { func isUpdatedSecret(secretName string, updatedSecrets map[string]*corev1.Secret) bool {
_, ok := updatedSecrets[secretName] _, ok := updatedSecrets[secretName]
if ok { if ok {
return true return true
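Review bot: The error from `h.client.Update(context.Background(), updatedSecret)` is discarded, so a Secret whose write failed (conflict, RBAC denial, API outage) is still recorded in `updatedSecrets` and its Deployments are restarted against the old data, with nothing surfacing the failure. Handle it: `if err := h.client.Update(context.Background(), updatedSecret); err != nil { return nil, err }` — or log and `continue` if one bad item must not block the rest of the sweep. Note also that the pointer stored is `&secret`, the copy taken from the List result before the update, not `updatedSecret`; if any consumer reads more than name, namespace and annotations it will see the pre-rotation object, so storing `updatedSecret` looks like the safer choice. The enclosing loop and function extend beyond the hunk.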


@@ -694,12 +694,12 @@ func TestUpdateSecretHandler(t *testing.T) {
func TestIsUpdatedSecret(t *testing.T) { func TestIsUpdatedSecret(t *testing.T) {
secretName := "test-secret" secretName := "test-secret"
updatedSecrets := map[string]bool{ updatedSecrets := map[string]*corev1.Secret{
"some_secret": true, "some_secret": &corev1.Secret{},
} }
assert.False(t, isUpdatedSecret(secretName, updatedSecrets)) assert.False(t, isUpdatedSecret(secretName, updatedSecrets))
updatedSecrets[secretName] = true updatedSecrets[secretName] = &corev1.Secret{}
assert.True(t, isUpdatedSecret(secretName, updatedSecrets)) assert.True(t, isUpdatedSecret(secretName, updatedSecrets))
} }


@@ -2,7 +2,7 @@ package onepassword
import corev1 "k8s.io/api/core/v1" import corev1 "k8s.io/api/core/v1"
func AreVolumesUsingSecrets(volumes []corev1.Volume, secrets map[string]bool) bool { func AreVolumesUsingSecrets(volumes []corev1.Volume, secrets map[string]*corev1.Secret) bool {
for i := 0; i < len(volumes); i++ { for i := 0; i < len(volumes); i++ {
if secret := volumes[i].Secret; secret != nil { if secret := volumes[i].Secret; secret != nil {
secretName := secret.SecretName secretName := secret.SecretName
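Review bot: Only `volumes[i].Secret` is inspected, so a Secret mounted through a projected volume (`volumes[i].Projected.Sources[j].Secret.Name`) would not be detected and that Deployment would keep serving the old credential after rotation; the loop body continues past the hunk, so this may already be covered below — if not, add the projected-source check beside the `Secret` case. A doc comment would also help now that the map type changed, e.g. `// AreVolumesUsingSecrets reports whether any volume mounts a Secret named in secrets (only the keys are consulted).`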


@@ -2,12 +2,14 @@ package onepassword
import ( import (
"testing" "testing"
corev1 "k8s.io/api/core/v1"
) )
func TestAreVolmesUsingSecrets(t *testing.T) { func TestAreVolmesUsingSecrets(t *testing.T) {
secretNamesToSearch := map[string]bool{ secretNamesToSearch := map[string]*corev1.Secret{
"onepassword-database-secret": true, "onepassword-database-secret": &corev1.Secret{},
"onepassword-api-key": true, "onepassword-api-key": &corev1.Secret{},
} }
volumeSecretNames := []string{ volumeSecretNames := []string{
@@ -24,9 +26,9 @@ func TestAreVolmesUsingSecrets(t *testing.T) {
} }
func TestAreVolumesNotUsingSecrets(t *testing.T) { func TestAreVolumesNotUsingSecrets(t *testing.T) {
secretNamesToSearch := map[string]bool{ secretNamesToSearch := map[string]*corev1.Secret{
"onepassword-database-secret": true, "onepassword-database-secret": &corev1.Secret{},
"onepassword-api-key": true, "onepassword-api-key": &corev1.Secret{},
} }
volumeSecretNames := []string{ volumeSecretNames := []string{