1Password/onepassword-operator
1
0
Fork 0
mirror of https://github.com/1Password/onepassword-operator.git synced 2025-10-22 07:28:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'vzt/service-accounts-support' into vzt/fix-context

Browse Source 
# Conflicts:
#	USAGEGUIDE.md
#	cmd/main.go
#	pkg/onepassword/client/client.go
#	pkg/onepassword/items.go
This commit is contained in:
Volodymyr Zotov
2025-06-17 13:21:39 -05:00
parent 83b294690a b717823fd0
commit 13abcb9c8f
19 changed files with 142 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.VERSION
View File

@@ -1 +1 @@
1.9.0
1.8.1

8
CHANGELOG.md
View File

@@ -12,14 +12,6 @@
---
[//]: # (START/v1.9.0)
# v1.9.0
## Features
* Support Service Accounts. {#160}
---
[//]: # (START/v1.8.1)
# v1.8.1

2
Dockerfile
View File

@@ -24,7 +24,7 @@ COPY version/ version/
# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
RUN CGO_ENABLED=0 \
GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} GO111MODULE=on \
GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \
go build \
-ldflags "-X \"github.com/1Password/onepassword-operator/version.Version=$operator_version\"" \
-a -o manager cmd/main.go

3
USAGEGUIDE.md
View File

@@ -107,7 +107,8 @@ containers:
---
## [Usage examples](https://developer.1password.com/docs/k8s/operator/?deployment-type=manual#usage-examples)
## Usage examples
Find usage [examples](https://developer.1password.com/docs/k8s/operator/?deployment-type=manual#usage-examples) on 1Password developer documentation.
---

5
cmd/main.go
View File

@@ -156,7 +156,10 @@ func main() {
}
// Setup One Password Client
opClient, err := opclient.NewClient(ctx, version.OperatorVersion)
opClient, err := opclient.NewFromEnvironment(ctx, opclient.Config{
Logger: setupLog,
Version: version.OperatorVersion,
})
if err != nil {
setupLog.Error(err, "unable to create 1Password client")
os.Exit(1)

22
config/manager/manager.yaml
View File

@@ -75,25 +75,33 @@ spec:
image: 1password/onepassword-operator:latest
name: manager
env:
- name: WATCH_NAMESPACE
value: "default"
- name: OPERATOR_NAME
value: "onepassword-connect-operator"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "onepassword-connect-operator"
- name: OP_CONNECT_HOST
value: "http://onepassword-connect:8080"
- name: WATCH_NAMESPACE
value: "default"
- name: POLLING_INTERVAL
value: "10"
- name: AUTO_RESTART
value: "false"
- name: OP_CONNECT_HOST
value: "http://onepassword-connect:8080"
- name: OP_CONNECT_TOKEN
valueFrom:
secretKeyRef:
name: onepassword-token
key: token
- name: AUTO_RESTART
- name: MANAGE_CONNECT
value: "false"
# Uncomment the following lines to enable service account token and comment out the OP_CONNECT_TOKEN, OP_CONNECT_HOST and MANAGE_CONNECT env vars.
# - name: OP_SERVICE_ACCOUNT_TOKEN
# valueFrom:
# secretKeyRef:
# name: onepassword-service-account-token
# key: token
securityContext:
allowPrivilegeEscalation: false
capabilities:

2
internal/controller/suite_test.go
View File

@@ -26,7 +26,6 @@ package controller
import (
"context"
"github.com/stretchr/testify/mock"
"path/filepath"
"regexp"
"testing"
@@ -34,6 +33,7 @@ import (
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
"github.com/stretchr/testify/mock"
"k8s.io/client-go/kubernetes/scheme"
"k8s.io/client-go/rest"

9
pkg/kubernetessecrets/kubernetes_secrets_builder.go
View File

@@ -2,16 +2,13 @@ package kubernetessecrets
import (
"context"
errs "errors"
"fmt"
"github.com/1Password/onepassword-operator/pkg/onepassword/model"
"reflect"
"regexp"
"strings"
"reflect"
errs "errors"
"github.com/1Password/onepassword-operator/pkg/onepassword/model"
"github.com/1Password/onepassword-operator/pkg/utils"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"

18
pkg/onepassword/client/client.go
View File

@@ -3,9 +3,10 @@ package client
import (
"context"
"errors"
"fmt"
"os"
"github.com/go-logr/logr"
"github.com/1Password/onepassword-operator/pkg/onepassword/client/connect"
"github.com/1Password/onepassword-operator/pkg/onepassword/client/sdk"
"github.com/1Password/onepassword-operator/pkg/onepassword/model"
@@ -19,8 +20,13 @@ type Client interface {
GetVaultsByTitle(ctx context.Context, title string) ([]model.Vault, error)
}
// NewClient creates a new 1Password client based on the provided configuration.
func NewClient(ctx context.Context, integrationVersion string) (Client, error) {
type Config struct {
Logger logr.Logger
Version string
}
// NewFromEnvironment creates a new 1Password client based on the provided configuration.
func NewFromEnvironment(ctx context.Context, cfg Config) (Client, error) {
connectHost, _ := os.LookupEnv("OP_CONNECT_HOST")
connectToken, _ := os.LookupEnv("OP_CONNECT_TOKEN")
serviceAccountToken, _ := os.LookupEnv("OP_SERVICE_ACCOUNT_TOKEN")
@@ -30,16 +36,16 @@ func NewClient(ctx context.Context, integrationVersion string) (Client, error) {
}
if serviceAccountToken != "" {
fmt.Printf("Using Service Account Token")
cfg.Logger.Info("Using Service Account Token")
return sdk.NewClient(ctx, sdk.Config{
ServiceAccountToken: serviceAccountToken,
IntegrationName: "1password-operator",
IntegrationVersion: integrationVersion,
IntegrationVersion: cfg.Version,
})
}
if connectHost != "" && connectToken != "" {
fmt.Printf("Using Connect")
cfg.Logger.Info("Using 1Password Connect")
return connect.NewClient(connect.Config{
ConnectHost: connectHost,
ConnectToken: connectToken,

16
pkg/onepassword/client/connect/connect.go
View File

@@ -13,7 +13,6 @@ import (
type Config struct {
ConnectHost string
ConnectToken string
UserAgent string
}
// Connect is a client for interacting with 1Password using the Connect API.
@@ -31,7 +30,7 @@ func NewClient(config Config) *Connect {
func (c *Connect) GetItemByID(ctx context.Context, vaultID, itemID string) (*model.Item, error) {
connectItem, err := c.client.GetItemByUUID(itemID, vaultID)
if err != nil {
return nil, fmt.Errorf("1password Connect error: %w", err)
return nil, fmt.Errorf("1Password Connect error: %w", err)
}
var item model.Item
@@ -43,14 +42,14 @@ func (c *Connect) GetItemsByTitle(ctx context.Context, vaultID, itemTitle string
// Get all items in the vault with the specified title
connectItems, err := c.client.GetItemsByTitle(itemTitle, vaultID)
if err != nil {
return nil, fmt.Errorf("1password Connect error: %w", err)
return nil, fmt.Errorf("1Password Connect error: %w", err)
}
var items []model.Item
for _, connectItem := range connectItems {
items := make([]model.Item, len(connectItems))
for i, connectItem := range connectItems {
var item model.Item
item.FromConnectItem(&connectItem)
items = append(items, item)
items[i] = item
}
return items, nil
@@ -61,7 +60,7 @@ func (c *Connect) GetFileContent(ctx context.Context, vaultID, itemID, fileID st
ContentPath: fmt.Sprintf("/v1/vaults/%s/items/%s/files/%s/content", vaultID, itemID, fileID),
})
if err != nil {
return nil, fmt.Errorf("1password Connect error: %w", err)
return nil, fmt.Errorf("1Password Connect error: %w", err)
}
return bytes, nil
@@ -70,7 +69,7 @@ func (c *Connect) GetFileContent(ctx context.Context, vaultID, itemID, fileID st
func (c *Connect) GetVaultsByTitle(ctx context.Context, vaultQuery string) ([]model.Vault, error) {
connectVaults, err := c.client.GetVaultsByTitle(vaultQuery)
if err != nil {
return nil, fmt.Errorf("1password Connect error: %w", err)
return nil, fmt.Errorf("1Password Connect error: %w", err)
}
var vaults []model.Vault
@@ -81,6 +80,5 @@ func (c *Connect) GetVaultsByTitle(ctx context.Context, vaultQuery string) ([]mo
vaults = append(vaults, vault)
}
}
return vaults, nil
}

25
pkg/onepassword/client/connect/connect_test.go
View File

@@ -4,6 +4,7 @@ import (
"context"
"errors"
"testing"
"time"
"github.com/stretchr/testify/require"
@@ -160,6 +161,7 @@ func TestConnect_GetFileContent(t *testing.T) {
}
func TestConnect_GetVaultsByTitle(t *testing.T) {
now := time.Now()
testCases := map[string]struct {
mockClient func() *mock.ConnectClientMock
check func(t *testing.T, vaults []model.Vault, err error)
@@ -169,12 +171,14 @@ func TestConnect_GetVaultsByTitle(t *testing.T) {
mockConnectClient := &mock.ConnectClientMock{}
mockConnectClient.On("GetVaultsByTitle", VaultTitleEmployee).Return([]onepassword.Vault{
{
ID: "test-id",
Name: VaultTitleEmployee,
ID: "test-id",
Name: VaultTitleEmployee,
CreatedAt: now,
},
{
ID: "test-id-2",
Name: "Some other vault",
ID: "test-id-2",
Name: "Some other vault",
CreatedAt: now,
},
}, nil)
return mockConnectClient
@@ -183,6 +187,7 @@ func TestConnect_GetVaultsByTitle(t *testing.T) {
require.NoError(t, err)
require.Len(t, vaults, 1)
require.Equal(t, "test-id", vaults[0].ID)
require.Equal(t, now, vaults[0].CreatedAt)
},
},
"should return a two vaults": {
@@ -190,12 +195,14 @@ func TestConnect_GetVaultsByTitle(t *testing.T) {
mockConnectClient := &mock.ConnectClientMock{}
mockConnectClient.On("GetVaultsByTitle", VaultTitleEmployee).Return([]onepassword.Vault{
{
ID: "test-id",
Name: VaultTitleEmployee,
ID: "test-id",
Name: VaultTitleEmployee,
CreatedAt: now,
},
{
ID: "test-id-2",
Name: VaultTitleEmployee,
ID: "test-id-2",
Name: VaultTitleEmployee,
CreatedAt: now,
},
}, nil)
return mockConnectClient
@@ -205,8 +212,10 @@ func TestConnect_GetVaultsByTitle(t *testing.T) {
require.Len(t, vaults, 2)
// Check the first vault
require.Equal(t, "test-id", vaults[0].ID)
require.Equal(t, now, vaults[0].CreatedAt)
// Check the second vault
require.Equal(t, "test-id-2", vaults[1].ID)
require.Equal(t, now, vaults[1].CreatedAt)
},
},
"should return an error": {

10
pkg/onepassword/client/sdk/sdk.go
View File

@@ -26,7 +26,7 @@ func NewClient(ctx context.Context, config Config) (*SDK, error) {
sdk.WithIntegrationInfo(config.IntegrationName, config.IntegrationVersion),
)
if err != nil {
return nil, fmt.Errorf("1password sdk error: %w", err)
return nil, fmt.Errorf("1Password sdk error: %w", err)
}
return &SDK{
@@ -37,7 +37,7 @@ func NewClient(ctx context.Context, config Config) (*SDK, error) {
func (s *SDK) GetItemByID(ctx context.Context, vaultID, itemID string) (*model.Item, error) {
sdkItem, err := s.client.Items().Get(ctx, vaultID, itemID)
if err != nil {
return nil, fmt.Errorf("1password sdk error: %w", err)
return nil, fmt.Errorf("1Password sdk error: %w", err)
}
var item model.Item
@@ -49,7 +49,7 @@ func (s *SDK) GetItemsByTitle(ctx context.Context, vaultID, itemTitle string) ([
// Get all items in the vault
sdkItems, err := s.client.Items().List(ctx, vaultID)
if err != nil {
return nil, fmt.Errorf("1password sdk error: %w", err)
return nil, fmt.Errorf("1Password sdk error: %w", err)
}
// Filter items by title
@@ -70,7 +70,7 @@ func (s *SDK) GetFileContent(ctx context.Context, vaultID, itemID, fileID string
ID: fileID,
})
if err != nil {
return nil, fmt.Errorf("1password sdk error: %w", err)
return nil, fmt.Errorf("1Password sdk error: %w", err)
}
return bytes, nil
@@ -80,7 +80,7 @@ func (s *SDK) GetVaultsByTitle(ctx context.Context, title string) ([]model.Vault
// List all vaults
sdkVaults, err := s.client.Vaults().List(ctx)
if err != nil {
return nil, fmt.Errorf("1password sdk error: %w", err)
return nil, fmt.Errorf("1Password sdk error: %w", err)
}
// Filter vaults by title

39
pkg/onepassword/client/sdk/sdk_test.go
View File

@@ -4,6 +4,7 @@ import (
"context"
"errors"
"testing"
"time"
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
@@ -23,7 +24,7 @@ func TestSDK_GetItemByID(t *testing.T) {
mockItemAPI func() *clientmock.ItemAPIMock
check func(t *testing.T, item *model.Item, err error)
}{
"should return a single vault": {
"should return a single item": {
mockItemAPI: func() *clientmock.ItemAPIMock {
m := &clientmock.ItemAPIMock{}
m.On("Get", context.Background(), "vault-id", "item-id").Return(*sdkItem, nil)
@@ -103,6 +104,17 @@ func TestSDK_GetItemsByTitle(t *testing.T) {
clienttesting.CheckSDKItemOverviewMapping(t, sdkItem2, &items[1])
},
},
"should return empty list": {
mockItemAPI: func() *clientmock.ItemAPIMock {
m := &clientmock.ItemAPIMock{}
m.On("List", context.Background(), "vault-id", mock.Anything).Return([]sdk.ItemOverview{}, nil)
return m
},
check: func(t *testing.T, items []model.Item, err error) {
require.NoError(t, err)
require.Len(t, items, 0)
},
},
"should return an error": {
mockItemAPI: func() *clientmock.ItemAPIMock {
m := &clientmock.ItemAPIMock{}
@@ -191,8 +203,8 @@ func TestSDK_GetFileContent(t *testing.T) {
}
}
// TODO: check CreatedAt as soon as a new SDK version returns it
func TestSDK_GetVaultsByTitle(t *testing.T) {
now := time.Now()
testCases := map[string]struct {
mockVaultAPI func() *clientmock.VaultAPIMock
check func(t *testing.T, vaults []model.Vault, err error)
@@ -202,12 +214,14 @@ func TestSDK_GetVaultsByTitle(t *testing.T) {
m := &clientmock.VaultAPIMock{}
m.On("List", context.Background()).Return([]sdk.VaultOverview{
{
ID: "test-id",
Title: VaultTitleEmployee,
ID: "test-id",
Title: VaultTitleEmployee,
CreatedAt: now,
},
{
ID: "test-id-2",
Title: "Some other vault",
ID: "test-id-2",
Title: "Some other vault",
CreatedAt: now,
},
}, nil)
return m
@@ -216,6 +230,7 @@ func TestSDK_GetVaultsByTitle(t *testing.T) {
require.NoError(t, err)
require.Len(t, vaults, 1)
require.Equal(t, "test-id", vaults[0].ID)
require.Equal(t, now, vaults[0].CreatedAt)
},
},
"should return a two vaults": {
@@ -223,12 +238,14 @@ func TestSDK_GetVaultsByTitle(t *testing.T) {
m := &clientmock.VaultAPIMock{}
m.On("List", context.Background()).Return([]sdk.VaultOverview{
{
ID: "test-id",
Title: VaultTitleEmployee,
ID: "test-id",
Title: VaultTitleEmployee,
CreatedAt: now,
},
{
ID: "test-id-2",
Title: VaultTitleEmployee,
ID: "test-id-2",
Title: VaultTitleEmployee,
CreatedAt: now,
},
}, nil)
return m
@@ -238,8 +255,10 @@ func TestSDK_GetVaultsByTitle(t *testing.T) {
require.Len(t, vaults, 2)
// Check the first vault
require.Equal(t, "test-id", vaults[0].ID)
require.Equal(t, now, vaults[0].CreatedAt)
// Check the second vault
require.Equal(t, "test-id-2", vaults[1].ID)
require.Equal(t, now, vaults[1].CreatedAt)
},
},
"should return an error": {

36
pkg/onepassword/client/testing/mock/connect.go
View File

@@ -12,7 +12,7 @@ type ConnectClientMock struct {
}
func (c *ConnectClientMock) GetVaults() ([]onepassword.Vault, error) {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
@@ -22,12 +22,12 @@ func (c *ConnectClientMock) GetVault(uuid string) (*onepassword.Vault, error) {
}
func (c *ConnectClientMock) GetVaultByUUID(uuid string) (*onepassword.Vault, error) {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
func (c *ConnectClientMock) GetVaultByTitle(title string) (*onepassword.Vault, error) {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
@@ -37,12 +37,12 @@ func (c *ConnectClientMock) GetVaultsByTitle(title string) ([]onepassword.Vault,
}
func (c *ConnectClientMock) GetItems(vaultQuery string) ([]onepassword.Item, error) {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
func (c *ConnectClientMock) GetItem(itemQuery, vaultQuery string) (*onepassword.Item, error) {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
@@ -52,7 +52,7 @@ func (c *ConnectClientMock) GetItemByUUID(uuid string, vaultQuery string) (*onep
}
func (c *ConnectClientMock) GetItemByTitle(title string, vaultQuery string) (*onepassword.Item, error) {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
@@ -62,37 +62,37 @@ func (c *ConnectClientMock) GetItemsByTitle(title string, vaultQuery string) ([]
}
func (c *ConnectClientMock) CreateItem(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
func (c *ConnectClientMock) UpdateItem(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
func (c *ConnectClientMock) DeleteItem(item *onepassword.Item, vaultQuery string) error {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
func (c *ConnectClientMock) DeleteItemByID(itemUUID string, vaultQuery string) error {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
func (c *ConnectClientMock) DeleteItemByTitle(title string, vaultQuery string) error {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
func (c *ConnectClientMock) GetFiles(itemQuery string, vaultQuery string) ([]onepassword.File, error) {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
func (c *ConnectClientMock) GetFile(uuid string, itemQuery string, vaultQuery string) (*onepassword.File, error) {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
@@ -105,26 +105,26 @@ func (c *ConnectClientMock) GetFileContent(file *onepassword.File) ([]byte, erro
}
func (c *ConnectClientMock) DownloadFile(file *onepassword.File, targetDirectory string, overwrite bool) (string, error) {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
func (c *ConnectClientMock) LoadStructFromItemByUUID(config interface{}, itemUUID string, vaultQuery string) error {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
func (c *ConnectClientMock) LoadStructFromItemByTitle(config interface{}, itemTitle string, vaultQuery string) error {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
func (c *ConnectClientMock) LoadStructFromItem(config interface{}, itemQuery string, vaultQuery string) error {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}
func (c *ConnectClientMock) LoadStruct(config interface{}) error {
//TODO implement me
// Only implement this if mocking is needed
panic("implement me")
}

38
pkg/onepassword/items.go
View File

@@ -14,18 +14,18 @@ import (
var logger = logf.Log.WithName("retrieve_item")
func GetOnePasswordItemByPath(ctx context.Context, opClient opclient.Client, path string) (*model.Item, error) {
vaultIdentifier, itemIdentifier, err := ParseVaultAndItemFromPath(path)
vaultNameOrID, itemNameOrID, err := ParseVaultAndItemFromPath(path)
if err != nil {
return nil, err
}
vaultID, err := getVaultID(ctx, opClient, vaultIdentifier)
vaultID, err := getVaultID(ctx, opClient, vaultNameOrID)
if err != nil {
return nil, fmt.Errorf("failed to 'getVaultID' for vaultIdentifier='%s': %w", vaultIdentifier, err)
return nil, fmt.Errorf("failed to 'getVaultID' for vaultNameOrID='%s': %w", vaultNameOrID, err)
}
itemID, err := getItemID(ctx, opClient, vaultID, itemIdentifier)
itemID, err := getItemID(ctx, opClient, vaultID, itemNameOrID)
if err != nil {
return nil, fmt.Errorf("faild to 'getItemID' for vaultID='%s' and itemIdentifier='%s': %w", vaultID, itemIdentifier, err)
return nil, fmt.Errorf("faild to 'getItemID' for vaultID='%s' and itemNameOrID='%s': %w", vaultID, itemNameOrID, err)
}
item, err := opClient.GetItemByID(ctx, vaultID, itemID)
@@ -51,15 +51,15 @@ func ParseVaultAndItemFromPath(path string) (string, string, error) {
return "", "", fmt.Errorf("%q is not an acceptable path for One Password item. Must be of the format: `vaults/{vault_id}/items/{item_id}`", path)
}
func getVaultID(ctx context.Context, client opclient.Client, vaultIdentifier string) (string, error) {
if !IsValidClientUUID(vaultIdentifier) {
vaults, err := client.GetVaultsByTitle(ctx, vaultIdentifier)
func getVaultID(ctx context.Context, client opclient.Client, vaultNameOrID string) (string, error) {
if !IsValidClientUUID(vaultNameOrID) {
vaults, err := client.GetVaultsByTitle(ctx, vaultNameOrID)
if err != nil {
return "", err
}
if len(vaults) == 0 {
return "", fmt.Errorf("No vaults found with identifier %q", vaultIdentifier)
return "", fmt.Errorf("No vaults found with identifier %q", vaultNameOrID)
}
oldestVault := vaults[0]
@@ -69,22 +69,22 @@ func getVaultID(ctx context.Context, client opclient.Client, vaultIdentifier str
oldestVault = returnedVault
}
}
logger.Info(fmt.Sprintf("%v 1Password vaults found with the title %q. Will use vault %q as it is the oldest.", len(vaults), vaultIdentifier, oldestVault.ID))
logger.Info(fmt.Sprintf("%v 1Password vaults found with the title %q. Will use vault %q as it is the oldest.", len(vaults), vaultNameOrID, oldestVault.ID))
}
vaultIdentifier = oldestVault.ID
vaultNameOrID = oldestVault.ID
}
return vaultIdentifier, nil
return vaultNameOrID, nil
}
func getItemID(ctx context.Context, client opclient.Client, vaultId, itemIdentifier string) (string, error) {
if !IsValidClientUUID(itemIdentifier) {
items, err := client.GetItemsByTitle(ctx, vaultId, itemIdentifier)
func getItemID(ctx context.Context, client opclient.Client, vaultId, itemNameOrID string) (string, error) {
if !IsValidClientUUID(itemNameOrID) {
items, err := client.GetItemsByTitle(ctx, vaultId, itemNameOrID)
if err != nil {
return "", err
}
if len(items) == 0 {
return "", fmt.Errorf("No items found with identifier %q", itemIdentifier)
return "", fmt.Errorf("No items found with identifier %q", itemNameOrID)
}
oldestItem := items[0]
@@ -94,9 +94,9 @@ func getItemID(ctx context.Context, client opclient.Client, vaultId, itemIdentif
oldestItem = returnedItem
}
}
logger.Info(fmt.Sprintf("%v 1Password items found with the title %q. Will use item %q as it is the oldest.", len(items), itemIdentifier, oldestItem.ID))
logger.Info(fmt.Sprintf("%v 1Password items found with the title %q. Will use item %q as it is the oldest.", len(items), itemNameOrID, oldestItem.ID))
}
itemIdentifier = oldestItem.ID
itemNameOrID = oldestItem.ID
}
return itemIdentifier, nil
return itemNameOrID, nil
}

10
pkg/onepassword/model/item.go
View File

@@ -52,9 +52,8 @@ func (i *Item) FromSDKItem(item *sdk.Item) {
i.VaultID = item.VaultID
i.Version = int(item.Version)
for _, tag := range item.Tags {
i.Tags = append(i.Tags, tag)
}
i.Tags = make([]string, len(item.Tags))
copy(i.Tags, item.Tags)
for _, field := range item.Fields {
i.Fields = append(i.Fields, ItemField{
@@ -79,9 +78,8 @@ func (i *Item) FromSDKItemOverview(item *sdk.ItemOverview) {
i.ID = item.ID
i.VaultID = item.VaultID
for _, tag := range item.Tags {
i.Tags = append(i.Tags, tag)
}
i.Tags = make([]string, len(item.Tags))
copy(i.Tags, item.Tags)
i.CreatedAt = item.CreatedAt
}

2
pkg/onepassword/model/vault.go
View File

@@ -19,5 +19,5 @@ func (v *Vault) FromConnectVault(vault *connect.Vault) {
func (v *Vault) FromSDKVault(vault *sdk.VaultOverview) {
v.ID = vault.ID
v.CreatedAt = time.Now() // TODO: add to SDK and use it instead of time.Now()
v.CreatedAt = vault.CreatedAt
}

5
pkg/onepassword/model/vault_test.go
View File

@@ -23,14 +23,15 @@ func TestVault_FromConnectVault(t *testing.T) {
require.Equal(t, connectVault.CreatedAt, vault.CreatedAt)
}
// TODO: check CreatedAt when available
func TestVault_FromSDKVault(t *testing.T) {
sdkVault := &sdk.VaultOverview{
ID: "test-id",
ID: "test-id",
CreatedAt: time.Now(),
}
vault := &Vault{}
vault.FromSDKVault(sdkVault)
require.Equal(t, sdkVault.ID, vault.ID)
require.Equal(t, sdkVault.CreatedAt, vault.CreatedAt)
}

9
pkg/onepassword/secret_update_handler_test.go
View File

@@ -807,15 +807,6 @@ func TestUpdateSecretHandler(t *testing.T) {
mockOpClient := &mocks.TestClient{}
mockOpClient.On("GetItemByID", mock.Anything, mock.Anything).Return(createItem(), nil)
//mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) {
//
// item := onepassword.Item{}
// item.Fields = generateFields(testData.opItem["username"], testData.opItem["password"])
// item.Version = itemVersion
// item.Vault.ID = vaultUUID
// item.ID = uuid
// return &item, nil
//}
h := &SecretUpdateHandler{
client: cl,
opClient: mockOpClient,