diff --git a/.VERSION b/.VERSION index abb1658..b9268da 100644 --- a/.VERSION +++ b/.VERSION @@ -1 +1 @@ -1.9.0 \ No newline at end of file +1.8.1 \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 7aa83ba..090d1f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,14 +12,6 @@ --- -[//]: # (START/v1.9.0) -# v1.9.0 - -## Features - * Support Service Accounts. {#160} - ---- - [//]: # (START/v1.8.1) # v1.8.1 diff --git a/Dockerfile b/Dockerfile index 385d016..86e2234 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,7 @@ COPY version/ version/ # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. RUN CGO_ENABLED=0 \ - GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} GO111MODULE=on \ + GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \ go build \ -ldflags "-X \"github.com/1Password/onepassword-operator/version.Version=$operator_version\"" \ -a -o manager cmd/main.go diff --git a/USAGEGUIDE.md b/USAGEGUIDE.md index b94a9e1..8b155c8 100644 --- a/USAGEGUIDE.md +++ b/USAGEGUIDE.md @@ -107,7 +107,8 @@ containers: --- -## [Usage examples](https://developer.1password.com/docs/k8s/operator/?deployment-type=manual#usage-examples) +## Usage examples +Find usage [examples](https://developer.1password.com/docs/k8s/operator/?deployment-type=manual#usage-examples) on 1Password developer documentation. --- diff --git a/cmd/main.go b/cmd/main.go index bdfd60b..b1a258c 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -156,7 +156,10 @@ func main() { } // Setup One Password Client - opClient, err := opclient.NewClient(ctx, version.OperatorVersion) + opClient, err := opclient.NewFromEnvironment(ctx, opclient.Config{ + Logger: setupLog, + Version: version.OperatorVersion, + }) if err != nil { setupLog.Error(err, "unable to create 1Password client") os.Exit(1) diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 70e65ee..07a6442 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -75,25 +75,33 @@ spec: image: 1password/onepassword-operator:latest name: manager env: - - name: WATCH_NAMESPACE - value: "default" + - name: OPERATOR_NAME + value: "onepassword-connect-operator" - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - - name: OPERATOR_NAME - value: "onepassword-connect-operator" - - name: OP_CONNECT_HOST - value: "http://onepassword-connect:8080" + - name: WATCH_NAMESPACE + value: "default" - name: POLLING_INTERVAL value: "10" + - name: AUTO_RESTART + value: "false" + - name: OP_CONNECT_HOST + value: "http://onepassword-connect:8080" - name: OP_CONNECT_TOKEN valueFrom: secretKeyRef: name: onepassword-token key: token - - name: AUTO_RESTART + - name: MANAGE_CONNECT value: "false" +# Uncomment the following lines to enable service account token and comment out the OP_CONNECT_TOKEN, OP_CONNECT_HOST and MANAGE_CONNECT env vars. +# - name: OP_SERVICE_ACCOUNT_TOKEN +# valueFrom: +# secretKeyRef: +# name: onepassword-service-account-token +# key: token securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go index 8791e6a..f8d1232 100644 --- a/internal/controller/suite_test.go +++ b/internal/controller/suite_test.go @@ -26,7 +26,6 @@ package controller import ( "context" - "github.com/stretchr/testify/mock" "path/filepath" "regexp" "testing" @@ -34,6 +33,7 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + "github.com/stretchr/testify/mock" "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" diff --git a/pkg/kubernetessecrets/kubernetes_secrets_builder.go b/pkg/kubernetessecrets/kubernetes_secrets_builder.go index 429d93e..3105d2a 100644 --- a/pkg/kubernetessecrets/kubernetes_secrets_builder.go +++ b/pkg/kubernetessecrets/kubernetes_secrets_builder.go @@ -2,16 +2,13 @@ package kubernetessecrets import ( "context" + errs "errors" "fmt" - "github.com/1Password/onepassword-operator/pkg/onepassword/model" - + "reflect" "regexp" "strings" - "reflect" - - errs "errors" - + "github.com/1Password/onepassword-operator/pkg/onepassword/model" "github.com/1Password/onepassword-operator/pkg/utils" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" diff --git a/pkg/onepassword/client/client.go b/pkg/onepassword/client/client.go index 10ec58b..94ee4b7 100644 --- a/pkg/onepassword/client/client.go +++ b/pkg/onepassword/client/client.go @@ -3,9 +3,10 @@ package client import ( "context" "errors" - "fmt" "os" + "github.com/go-logr/logr" + "github.com/1Password/onepassword-operator/pkg/onepassword/client/connect" "github.com/1Password/onepassword-operator/pkg/onepassword/client/sdk" "github.com/1Password/onepassword-operator/pkg/onepassword/model" @@ -19,8 +20,13 @@ type Client interface { GetVaultsByTitle(ctx context.Context, title string) ([]model.Vault, error) } -// NewClient creates a new 1Password client based on the provided configuration. -func NewClient(ctx context.Context, integrationVersion string) (Client, error) { +type Config struct { + Logger logr.Logger + Version string +} + +// NewFromEnvironment creates a new 1Password client based on the provided configuration. +func NewFromEnvironment(ctx context.Context, cfg Config) (Client, error) { connectHost, _ := os.LookupEnv("OP_CONNECT_HOST") connectToken, _ := os.LookupEnv("OP_CONNECT_TOKEN") serviceAccountToken, _ := os.LookupEnv("OP_SERVICE_ACCOUNT_TOKEN") @@ -30,16 +36,16 @@ func NewClient(ctx context.Context, integrationVersion string) (Client, error) { } if serviceAccountToken != "" { - fmt.Printf("Using Service Account Token") + cfg.Logger.Info("Using Service Account Token") return sdk.NewClient(ctx, sdk.Config{ ServiceAccountToken: serviceAccountToken, IntegrationName: "1password-operator", - IntegrationVersion: integrationVersion, + IntegrationVersion: cfg.Version, }) } if connectHost != "" && connectToken != "" { - fmt.Printf("Using Connect") + cfg.Logger.Info("Using 1Password Connect") return connect.NewClient(connect.Config{ ConnectHost: connectHost, ConnectToken: connectToken, diff --git a/pkg/onepassword/client/connect/connect.go b/pkg/onepassword/client/connect/connect.go index efa49ed..f528e5c 100644 --- a/pkg/onepassword/client/connect/connect.go +++ b/pkg/onepassword/client/connect/connect.go @@ -13,7 +13,6 @@ import ( type Config struct { ConnectHost string ConnectToken string - UserAgent string } // Connect is a client for interacting with 1Password using the Connect API. @@ -31,7 +30,7 @@ func NewClient(config Config) *Connect { func (c *Connect) GetItemByID(ctx context.Context, vaultID, itemID string) (*model.Item, error) { connectItem, err := c.client.GetItemByUUID(itemID, vaultID) if err != nil { - return nil, fmt.Errorf("1password Connect error: %w", err) + return nil, fmt.Errorf("1Password Connect error: %w", err) } var item model.Item @@ -43,14 +42,14 @@ func (c *Connect) GetItemsByTitle(ctx context.Context, vaultID, itemTitle string // Get all items in the vault with the specified title connectItems, err := c.client.GetItemsByTitle(itemTitle, vaultID) if err != nil { - return nil, fmt.Errorf("1password Connect error: %w", err) + return nil, fmt.Errorf("1Password Connect error: %w", err) } - var items []model.Item - for _, connectItem := range connectItems { + items := make([]model.Item, len(connectItems)) + for i, connectItem := range connectItems { var item model.Item item.FromConnectItem(&connectItem) - items = append(items, item) + items[i] = item } return items, nil @@ -61,7 +60,7 @@ func (c *Connect) GetFileContent(ctx context.Context, vaultID, itemID, fileID st ContentPath: fmt.Sprintf("/v1/vaults/%s/items/%s/files/%s/content", vaultID, itemID, fileID), }) if err != nil { - return nil, fmt.Errorf("1password Connect error: %w", err) + return nil, fmt.Errorf("1Password Connect error: %w", err) } return bytes, nil @@ -70,7 +69,7 @@ func (c *Connect) GetFileContent(ctx context.Context, vaultID, itemID, fileID st func (c *Connect) GetVaultsByTitle(ctx context.Context, vaultQuery string) ([]model.Vault, error) { connectVaults, err := c.client.GetVaultsByTitle(vaultQuery) if err != nil { - return nil, fmt.Errorf("1password Connect error: %w", err) + return nil, fmt.Errorf("1Password Connect error: %w", err) } var vaults []model.Vault @@ -81,6 +80,5 @@ func (c *Connect) GetVaultsByTitle(ctx context.Context, vaultQuery string) ([]mo vaults = append(vaults, vault) } } - return vaults, nil } diff --git a/pkg/onepassword/client/connect/connect_test.go b/pkg/onepassword/client/connect/connect_test.go index eafb481..84c6434 100644 --- a/pkg/onepassword/client/connect/connect_test.go +++ b/pkg/onepassword/client/connect/connect_test.go @@ -4,6 +4,7 @@ import ( "context" "errors" "testing" + "time" "github.com/stretchr/testify/require" @@ -160,6 +161,7 @@ func TestConnect_GetFileContent(t *testing.T) { } func TestConnect_GetVaultsByTitle(t *testing.T) { + now := time.Now() testCases := map[string]struct { mockClient func() *mock.ConnectClientMock check func(t *testing.T, vaults []model.Vault, err error) @@ -169,12 +171,14 @@ func TestConnect_GetVaultsByTitle(t *testing.T) { mockConnectClient := &mock.ConnectClientMock{} mockConnectClient.On("GetVaultsByTitle", VaultTitleEmployee).Return([]onepassword.Vault{ { - ID: "test-id", - Name: VaultTitleEmployee, + ID: "test-id", + Name: VaultTitleEmployee, + CreatedAt: now, }, { - ID: "test-id-2", - Name: "Some other vault", + ID: "test-id-2", + Name: "Some other vault", + CreatedAt: now, }, }, nil) return mockConnectClient @@ -183,6 +187,7 @@ func TestConnect_GetVaultsByTitle(t *testing.T) { require.NoError(t, err) require.Len(t, vaults, 1) require.Equal(t, "test-id", vaults[0].ID) + require.Equal(t, now, vaults[0].CreatedAt) }, }, "should return a two vaults": { @@ -190,12 +195,14 @@ func TestConnect_GetVaultsByTitle(t *testing.T) { mockConnectClient := &mock.ConnectClientMock{} mockConnectClient.On("GetVaultsByTitle", VaultTitleEmployee).Return([]onepassword.Vault{ { - ID: "test-id", - Name: VaultTitleEmployee, + ID: "test-id", + Name: VaultTitleEmployee, + CreatedAt: now, }, { - ID: "test-id-2", - Name: VaultTitleEmployee, + ID: "test-id-2", + Name: VaultTitleEmployee, + CreatedAt: now, }, }, nil) return mockConnectClient @@ -205,8 +212,10 @@ func TestConnect_GetVaultsByTitle(t *testing.T) { require.Len(t, vaults, 2) // Check the first vault require.Equal(t, "test-id", vaults[0].ID) + require.Equal(t, now, vaults[0].CreatedAt) // Check the second vault require.Equal(t, "test-id-2", vaults[1].ID) + require.Equal(t, now, vaults[1].CreatedAt) }, }, "should return an error": { diff --git a/pkg/onepassword/client/sdk/sdk.go b/pkg/onepassword/client/sdk/sdk.go index 588d147..6c90700 100644 --- a/pkg/onepassword/client/sdk/sdk.go +++ b/pkg/onepassword/client/sdk/sdk.go @@ -26,7 +26,7 @@ func NewClient(ctx context.Context, config Config) (*SDK, error) { sdk.WithIntegrationInfo(config.IntegrationName, config.IntegrationVersion), ) if err != nil { - return nil, fmt.Errorf("1password sdk error: %w", err) + return nil, fmt.Errorf("1Password sdk error: %w", err) } return &SDK{ @@ -37,7 +37,7 @@ func NewClient(ctx context.Context, config Config) (*SDK, error) { func (s *SDK) GetItemByID(ctx context.Context, vaultID, itemID string) (*model.Item, error) { sdkItem, err := s.client.Items().Get(ctx, vaultID, itemID) if err != nil { - return nil, fmt.Errorf("1password sdk error: %w", err) + return nil, fmt.Errorf("1Password sdk error: %w", err) } var item model.Item @@ -49,7 +49,7 @@ func (s *SDK) GetItemsByTitle(ctx context.Context, vaultID, itemTitle string) ([ // Get all items in the vault sdkItems, err := s.client.Items().List(ctx, vaultID) if err != nil { - return nil, fmt.Errorf("1password sdk error: %w", err) + return nil, fmt.Errorf("1Password sdk error: %w", err) } // Filter items by title @@ -70,7 +70,7 @@ func (s *SDK) GetFileContent(ctx context.Context, vaultID, itemID, fileID string ID: fileID, }) if err != nil { - return nil, fmt.Errorf("1password sdk error: %w", err) + return nil, fmt.Errorf("1Password sdk error: %w", err) } return bytes, nil @@ -80,7 +80,7 @@ func (s *SDK) GetVaultsByTitle(ctx context.Context, title string) ([]model.Vault // List all vaults sdkVaults, err := s.client.Vaults().List(ctx) if err != nil { - return nil, fmt.Errorf("1password sdk error: %w", err) + return nil, fmt.Errorf("1Password sdk error: %w", err) } // Filter vaults by title diff --git a/pkg/onepassword/client/sdk/sdk_test.go b/pkg/onepassword/client/sdk/sdk_test.go index 91c2a21..9ef362b 100644 --- a/pkg/onepassword/client/sdk/sdk_test.go +++ b/pkg/onepassword/client/sdk/sdk_test.go @@ -4,6 +4,7 @@ import ( "context" "errors" "testing" + "time" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" @@ -23,7 +24,7 @@ func TestSDK_GetItemByID(t *testing.T) { mockItemAPI func() *clientmock.ItemAPIMock check func(t *testing.T, item *model.Item, err error) }{ - "should return a single vault": { + "should return a single item": { mockItemAPI: func() *clientmock.ItemAPIMock { m := &clientmock.ItemAPIMock{} m.On("Get", context.Background(), "vault-id", "item-id").Return(*sdkItem, nil) @@ -103,6 +104,17 @@ func TestSDK_GetItemsByTitle(t *testing.T) { clienttesting.CheckSDKItemOverviewMapping(t, sdkItem2, &items[1]) }, }, + "should return empty list": { + mockItemAPI: func() *clientmock.ItemAPIMock { + m := &clientmock.ItemAPIMock{} + m.On("List", context.Background(), "vault-id", mock.Anything).Return([]sdk.ItemOverview{}, nil) + return m + }, + check: func(t *testing.T, items []model.Item, err error) { + require.NoError(t, err) + require.Len(t, items, 0) + }, + }, "should return an error": { mockItemAPI: func() *clientmock.ItemAPIMock { m := &clientmock.ItemAPIMock{} @@ -191,8 +203,8 @@ func TestSDK_GetFileContent(t *testing.T) { } } -// TODO: check CreatedAt as soon as a new SDK version returns it func TestSDK_GetVaultsByTitle(t *testing.T) { + now := time.Now() testCases := map[string]struct { mockVaultAPI func() *clientmock.VaultAPIMock check func(t *testing.T, vaults []model.Vault, err error) @@ -202,12 +214,14 @@ func TestSDK_GetVaultsByTitle(t *testing.T) { m := &clientmock.VaultAPIMock{} m.On("List", context.Background()).Return([]sdk.VaultOverview{ { - ID: "test-id", - Title: VaultTitleEmployee, + ID: "test-id", + Title: VaultTitleEmployee, + CreatedAt: now, }, { - ID: "test-id-2", - Title: "Some other vault", + ID: "test-id-2", + Title: "Some other vault", + CreatedAt: now, }, }, nil) return m @@ -216,6 +230,7 @@ func TestSDK_GetVaultsByTitle(t *testing.T) { require.NoError(t, err) require.Len(t, vaults, 1) require.Equal(t, "test-id", vaults[0].ID) + require.Equal(t, now, vaults[0].CreatedAt) }, }, "should return a two vaults": { @@ -223,12 +238,14 @@ func TestSDK_GetVaultsByTitle(t *testing.T) { m := &clientmock.VaultAPIMock{} m.On("List", context.Background()).Return([]sdk.VaultOverview{ { - ID: "test-id", - Title: VaultTitleEmployee, + ID: "test-id", + Title: VaultTitleEmployee, + CreatedAt: now, }, { - ID: "test-id-2", - Title: VaultTitleEmployee, + ID: "test-id-2", + Title: VaultTitleEmployee, + CreatedAt: now, }, }, nil) return m @@ -238,8 +255,10 @@ func TestSDK_GetVaultsByTitle(t *testing.T) { require.Len(t, vaults, 2) // Check the first vault require.Equal(t, "test-id", vaults[0].ID) + require.Equal(t, now, vaults[0].CreatedAt) // Check the second vault require.Equal(t, "test-id-2", vaults[1].ID) + require.Equal(t, now, vaults[1].CreatedAt) }, }, "should return an error": { diff --git a/pkg/onepassword/client/testing/mock/connect.go b/pkg/onepassword/client/testing/mock/connect.go index a38c4f6..e511c64 100644 --- a/pkg/onepassword/client/testing/mock/connect.go +++ b/pkg/onepassword/client/testing/mock/connect.go @@ -12,7 +12,7 @@ type ConnectClientMock struct { } func (c *ConnectClientMock) GetVaults() ([]onepassword.Vault, error) { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } @@ -22,12 +22,12 @@ func (c *ConnectClientMock) GetVault(uuid string) (*onepassword.Vault, error) { } func (c *ConnectClientMock) GetVaultByUUID(uuid string) (*onepassword.Vault, error) { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } func (c *ConnectClientMock) GetVaultByTitle(title string) (*onepassword.Vault, error) { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } @@ -37,12 +37,12 @@ func (c *ConnectClientMock) GetVaultsByTitle(title string) ([]onepassword.Vault, } func (c *ConnectClientMock) GetItems(vaultQuery string) ([]onepassword.Item, error) { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } func (c *ConnectClientMock) GetItem(itemQuery, vaultQuery string) (*onepassword.Item, error) { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } @@ -52,7 +52,7 @@ func (c *ConnectClientMock) GetItemByUUID(uuid string, vaultQuery string) (*onep } func (c *ConnectClientMock) GetItemByTitle(title string, vaultQuery string) (*onepassword.Item, error) { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } @@ -62,37 +62,37 @@ func (c *ConnectClientMock) GetItemsByTitle(title string, vaultQuery string) ([] } func (c *ConnectClientMock) CreateItem(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } func (c *ConnectClientMock) UpdateItem(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } func (c *ConnectClientMock) DeleteItem(item *onepassword.Item, vaultQuery string) error { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } func (c *ConnectClientMock) DeleteItemByID(itemUUID string, vaultQuery string) error { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } func (c *ConnectClientMock) DeleteItemByTitle(title string, vaultQuery string) error { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } func (c *ConnectClientMock) GetFiles(itemQuery string, vaultQuery string) ([]onepassword.File, error) { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } func (c *ConnectClientMock) GetFile(uuid string, itemQuery string, vaultQuery string) (*onepassword.File, error) { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } @@ -105,26 +105,26 @@ func (c *ConnectClientMock) GetFileContent(file *onepassword.File) ([]byte, erro } func (c *ConnectClientMock) DownloadFile(file *onepassword.File, targetDirectory string, overwrite bool) (string, error) { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } func (c *ConnectClientMock) LoadStructFromItemByUUID(config interface{}, itemUUID string, vaultQuery string) error { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } func (c *ConnectClientMock) LoadStructFromItemByTitle(config interface{}, itemTitle string, vaultQuery string) error { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } func (c *ConnectClientMock) LoadStructFromItem(config interface{}, itemQuery string, vaultQuery string) error { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } func (c *ConnectClientMock) LoadStruct(config interface{}) error { - //TODO implement me + // Only implement this if mocking is needed panic("implement me") } diff --git a/pkg/onepassword/items.go b/pkg/onepassword/items.go index 6b4a983..fb660fd 100644 --- a/pkg/onepassword/items.go +++ b/pkg/onepassword/items.go @@ -14,18 +14,18 @@ import ( var logger = logf.Log.WithName("retrieve_item") func GetOnePasswordItemByPath(ctx context.Context, opClient opclient.Client, path string) (*model.Item, error) { - vaultIdentifier, itemIdentifier, err := ParseVaultAndItemFromPath(path) + vaultNameOrID, itemNameOrID, err := ParseVaultAndItemFromPath(path) if err != nil { return nil, err } - vaultID, err := getVaultID(ctx, opClient, vaultIdentifier) + vaultID, err := getVaultID(ctx, opClient, vaultNameOrID) if err != nil { - return nil, fmt.Errorf("failed to 'getVaultID' for vaultIdentifier='%s': %w", vaultIdentifier, err) + return nil, fmt.Errorf("failed to 'getVaultID' for vaultNameOrID='%s': %w", vaultNameOrID, err) } - itemID, err := getItemID(ctx, opClient, vaultID, itemIdentifier) + itemID, err := getItemID(ctx, opClient, vaultID, itemNameOrID) if err != nil { - return nil, fmt.Errorf("faild to 'getItemID' for vaultID='%s' and itemIdentifier='%s': %w", vaultID, itemIdentifier, err) + return nil, fmt.Errorf("faild to 'getItemID' for vaultID='%s' and itemNameOrID='%s': %w", vaultID, itemNameOrID, err) } item, err := opClient.GetItemByID(ctx, vaultID, itemID) @@ -51,15 +51,15 @@ func ParseVaultAndItemFromPath(path string) (string, string, error) { return "", "", fmt.Errorf("%q is not an acceptable path for One Password item. Must be of the format: `vaults/{vault_id}/items/{item_id}`", path) } -func getVaultID(ctx context.Context, client opclient.Client, vaultIdentifier string) (string, error) { - if !IsValidClientUUID(vaultIdentifier) { - vaults, err := client.GetVaultsByTitle(ctx, vaultIdentifier) +func getVaultID(ctx context.Context, client opclient.Client, vaultNameOrID string) (string, error) { + if !IsValidClientUUID(vaultNameOrID) { + vaults, err := client.GetVaultsByTitle(ctx, vaultNameOrID) if err != nil { return "", err } if len(vaults) == 0 { - return "", fmt.Errorf("No vaults found with identifier %q", vaultIdentifier) + return "", fmt.Errorf("No vaults found with identifier %q", vaultNameOrID) } oldestVault := vaults[0] @@ -69,22 +69,22 @@ func getVaultID(ctx context.Context, client opclient.Client, vaultIdentifier str oldestVault = returnedVault } } - logger.Info(fmt.Sprintf("%v 1Password vaults found with the title %q. Will use vault %q as it is the oldest.", len(vaults), vaultIdentifier, oldestVault.ID)) + logger.Info(fmt.Sprintf("%v 1Password vaults found with the title %q. Will use vault %q as it is the oldest.", len(vaults), vaultNameOrID, oldestVault.ID)) } - vaultIdentifier = oldestVault.ID + vaultNameOrID = oldestVault.ID } - return vaultIdentifier, nil + return vaultNameOrID, nil } -func getItemID(ctx context.Context, client opclient.Client, vaultId, itemIdentifier string) (string, error) { - if !IsValidClientUUID(itemIdentifier) { - items, err := client.GetItemsByTitle(ctx, vaultId, itemIdentifier) +func getItemID(ctx context.Context, client opclient.Client, vaultId, itemNameOrID string) (string, error) { + if !IsValidClientUUID(itemNameOrID) { + items, err := client.GetItemsByTitle(ctx, vaultId, itemNameOrID) if err != nil { return "", err } if len(items) == 0 { - return "", fmt.Errorf("No items found with identifier %q", itemIdentifier) + return "", fmt.Errorf("No items found with identifier %q", itemNameOrID) } oldestItem := items[0] @@ -94,9 +94,9 @@ func getItemID(ctx context.Context, client opclient.Client, vaultId, itemIdentif oldestItem = returnedItem } } - logger.Info(fmt.Sprintf("%v 1Password items found with the title %q. Will use item %q as it is the oldest.", len(items), itemIdentifier, oldestItem.ID)) + logger.Info(fmt.Sprintf("%v 1Password items found with the title %q. Will use item %q as it is the oldest.", len(items), itemNameOrID, oldestItem.ID)) } - itemIdentifier = oldestItem.ID + itemNameOrID = oldestItem.ID } - return itemIdentifier, nil + return itemNameOrID, nil } diff --git a/pkg/onepassword/model/item.go b/pkg/onepassword/model/item.go index 9066204..ebf13e4 100644 --- a/pkg/onepassword/model/item.go +++ b/pkg/onepassword/model/item.go @@ -52,9 +52,8 @@ func (i *Item) FromSDKItem(item *sdk.Item) { i.VaultID = item.VaultID i.Version = int(item.Version) - for _, tag := range item.Tags { - i.Tags = append(i.Tags, tag) - } + i.Tags = make([]string, len(item.Tags)) + copy(i.Tags, item.Tags) for _, field := range item.Fields { i.Fields = append(i.Fields, ItemField{ @@ -79,9 +78,8 @@ func (i *Item) FromSDKItemOverview(item *sdk.ItemOverview) { i.ID = item.ID i.VaultID = item.VaultID - for _, tag := range item.Tags { - i.Tags = append(i.Tags, tag) - } + i.Tags = make([]string, len(item.Tags)) + copy(i.Tags, item.Tags) i.CreatedAt = item.CreatedAt } diff --git a/pkg/onepassword/model/vault.go b/pkg/onepassword/model/vault.go index e90e492..5cf26e1 100644 --- a/pkg/onepassword/model/vault.go +++ b/pkg/onepassword/model/vault.go @@ -19,5 +19,5 @@ func (v *Vault) FromConnectVault(vault *connect.Vault) { func (v *Vault) FromSDKVault(vault *sdk.VaultOverview) { v.ID = vault.ID - v.CreatedAt = time.Now() // TODO: add to SDK and use it instead of time.Now() + v.CreatedAt = vault.CreatedAt } diff --git a/pkg/onepassword/model/vault_test.go b/pkg/onepassword/model/vault_test.go index 48c7be2..d6ba34b 100644 --- a/pkg/onepassword/model/vault_test.go +++ b/pkg/onepassword/model/vault_test.go @@ -23,14 +23,15 @@ func TestVault_FromConnectVault(t *testing.T) { require.Equal(t, connectVault.CreatedAt, vault.CreatedAt) } -// TODO: check CreatedAt when available func TestVault_FromSDKVault(t *testing.T) { sdkVault := &sdk.VaultOverview{ - ID: "test-id", + ID: "test-id", + CreatedAt: time.Now(), } vault := &Vault{} vault.FromSDKVault(sdkVault) require.Equal(t, sdkVault.ID, vault.ID) + require.Equal(t, sdkVault.CreatedAt, vault.CreatedAt) } diff --git a/pkg/onepassword/secret_update_handler_test.go b/pkg/onepassword/secret_update_handler_test.go index 9568b39..e3d622f 100644 --- a/pkg/onepassword/secret_update_handler_test.go +++ b/pkg/onepassword/secret_update_handler_test.go @@ -807,15 +807,6 @@ func TestUpdateSecretHandler(t *testing.T) { mockOpClient := &mocks.TestClient{} mockOpClient.On("GetItemByID", mock.Anything, mock.Anything).Return(createItem(), nil) - //mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { - // - // item := onepassword.Item{} - // item.Fields = generateFields(testData.opItem["username"], testData.opItem["password"]) - // item.Version = itemVersion - // item.Vault.ID = vaultUUID - // item.ID = uuid - // return &item, nil - //} h := &SecretUpdateHandler{ client: cl, opClient: mockOpClient,