1Password/onepassword-operator
1
0
Fork 0
mirror of https://github.com/1Password/onepassword-operator.git synced 2025-10-21 23:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updating path for fetching 1password items to be of the op:// reference format

Browse Source
This commit is contained in:
jillianwilson
2021-09-06 14:23:59 -03:00
parent 49d984c6f2
commit 1590dd9b89
17 changed files with 130 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@@ -2,7 +2,7 @@
The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes with 1Password. This Operator manages `OnePasswordItem` Custom Resource Definitions (CRDs) that define the location of an Item stored in 1Password. The `OnePasswordItem` CRD, when created, will be used to compose a Kubernetes Secret containing the contents of the specified item.
The 1Password Connect Kubernetes Operator also allows for Kubernetes Secrets to be composed from a 1Password Item through annotation of an Item Path on a deployment.
The 1Password Connect Kubernetes Operator also allows for Kubernetes Secrets to be composed from a 1Password Item through annotation of an Item Reference on a deployment.
The 1Password Connect Kubernetes Operator will continually check for updates from 1Password for any Kubernetes Secret that it has generated. If a Kubernetes Secret is updated, any Deployment using that secret can be automatically restarted.
@@ -106,7 +106,7 @@ kind: OnePasswordItem
metadata:
name: <item_name> #this name will also be used for naming the generated kubernetes secret
spec:
itemPath: "vaults/<vault_id_or_title>/items/<item_id_or_title>"
itemReference: "op://<vault_id_or_title>/<item_id_or_title>"
```
Deploy the OnePasswordItem to Kubernetes:
@@ -131,20 +131,20 @@ kind: Deployment
metadata:
name: deployment-example
annotations:
operator.1password.io/item-path: "vaults/<vault_id_or_title>/items/<item_id_or_title>"
operator.1password.io/item-reference: "op://<vault>/<item>"
operator.1password.io/item-name: "<secret_name>"
```
Applying this yaml file will create a Kubernetes Secret with the name `<secret_name>` and contents from the location specified at the specified Item Path.
Applying this yaml file will create a Kubernetes Secret with the name `<secret_name>` and contents from the location specified at the specified Item Reference.
Note: Deleting the Deployment that you've created will automatically delete the created Kubernetes Secret only if the deployment is still annotated with `operator.1password.io/item-path` and `operator.1password.io/item-name` and no other deployment is using the secret.
Note: Deleting the Deployment that you've created will automatically delete the created Kubernetes Secret only if the deployment is still annotated with `operator.1password.io/item-reference` and `operator.1password.io/item-name` and no other deployment is using the secret.
If a 1Password Item that is linked to a Kubernetes Secret is updated within the POLLING_INTERVAL the associated Kubernetes Secret will be updated. However, if you do not want a specific secret to be updated you can add the tag `operator.1password.io:ignore-secret` to the item stored in 1Password. While this tag is in place, any updates made to an item will not trigger an update to the associated secret in Kubernetes.
---
**NOTE**
If multiple 1Password vaults/items have the same `title` when using a title in the access path, the desired action will be performed on the oldest vault/item.
If multiple 1Password vaults/items have the same `title` when using a title in the access reference, the desired action will be performed on the oldest vault/item.
Titles and field names that include white space and other characters that are not a valid [DNS subdomain name](https://kubernetes.io/docs/concepts/configuration/secret/) will create Kubernetes secrets that have titles and fields in the following format:
- Invalid characters before the first alphanumeric character and after the last alphanumeric character will be removed

3
cmd/manager/main.go
View File

@@ -178,7 +178,8 @@ func main() {
ticker.Stop()
return
case <-ticker.C:
updatedSecretsPoller.UpdateKubernetesSecretsTask()
err := updatedSecretsPoller.UpdateKubernetesSecretsTask()
log.Error(err, "Error occured during update secret task")
}
}
}()

2
deploy/crds/onepassword.com_onepassworditems_crd.yaml
View File

@@ -33,7 +33,7 @@ spec:
spec:
description: OnePasswordItemSpec defines the desired state of OnePasswordItem
properties:
itemPath:
itemReference:
type: string
type: object
status:

2
deploy/crds/onepassword.com_v1_onepassworditem_cr.yaml
View File

@@ -3,4 +3,4 @@ kind: OnePasswordItem
metadata:
name: example
spec:
itemPath: "vaults/<vault_id>/items/<item_id>"
itemReference: "op://<vault_id>/<item_id>"

1
deploy/operator.yaml
View File

@@ -16,6 +16,7 @@ spec:
containers:
- name: onepassword-connect-operator
image: 1password/onepassword-operator
imagePullPolicy: Never
command: ["/manager"]
env:
- name: WATCH_NAMESPACE

2
pkg/apis/onepassword/v1/onepasswordsecret_types.go
View File

@@ -8,7 +8,7 @@ import (
// OnePasswordItemSpec defines the desired state of OnePasswordItem
type OnePasswordItemSpec struct {
ItemPath string `json:"itemPath,omitempty"`
ItemReference string `json:"itemReference,omitempty"`
}
// OnePasswordItemStatus defines the observed state of OnePasswordItem

4
pkg/controller/deployment/deployment_controller.go
View File

@@ -192,11 +192,11 @@ func (r *ReconcileDeployment) HandleApplyingDeployment(namespace string, annotat
secretName := annotations[op.NameAnnotation]
if len(secretName) == 0 {
reqLog.Info("No 'item-name' annotation set. 'item-path' and 'item-name' must be set as annotations to add new secret.")
reqLog.Info("No 'item-name' annotation set. 'item-reference' and 'item-name' must be set as annotations to add new secret.")
return nil
}
item, err := op.GetOnePasswordItemByPath(r.opConnectClient, annotations[op.ItemPathAnnotation])
item, err := op.GetOnePasswordItemByReference(r.opConnectClient, annotations[op.ItemReferenceAnnotation])
if err != nil {
return fmt.Errorf("Failed to retrieve item: %v", err)
}

18
pkg/controller/deployment/deployment_controller_test.go
View File

@@ -52,7 +52,7 @@ var (
"password": []byte(password),
"username": []byte(username),
}
itemPath = fmt.Sprintf("vaults/%v/items/%v", vaultId, itemId)
ItemReference = fmt.Sprintf("op://%v/%v", vaultId, itemId)
)
var (
@@ -76,7 +76,7 @@ var tests = []testReconcileItem{
finalizer,
},
Annotations: map[string]string{
op.ItemPathAnnotation: itemPath,
op.ItemReferenceAnnotation: ItemReference,
op.NameAnnotation: name,
},
},
@@ -90,7 +90,7 @@ var tests = []testReconcileItem{
Name: "another-deployment",
Namespace: namespace,
Annotations: map[string]string{
op.ItemPathAnnotation: itemPath,
op.ItemReferenceAnnotation: ItemReference,
op.NameAnnotation: name,
},
},
@@ -152,7 +152,7 @@ var tests = []testReconcileItem{
finalizer,
},
Annotations: map[string]string{
op.ItemPathAnnotation: itemPath,
op.ItemReferenceAnnotation: ItemReference,
op.NameAnnotation: name,
},
},
@@ -166,7 +166,7 @@ var tests = []testReconcileItem{
Name: "another-deployment",
Namespace: namespace,
Annotations: map[string]string{
op.ItemPathAnnotation: itemPath,
op.ItemReferenceAnnotation: ItemReference,
op.NameAnnotation: name,
},
},
@@ -235,7 +235,7 @@ var tests = []testReconcileItem{
finalizer,
},
Annotations: map[string]string{
op.ItemPathAnnotation: itemPath,
op.ItemReferenceAnnotation: ItemReference,
op.NameAnnotation: name,
},
},
@@ -268,7 +268,7 @@ var tests = []testReconcileItem{
Name: name,
Namespace: namespace,
Annotations: map[string]string{
op.ItemPathAnnotation: itemPath,
op.ItemReferenceAnnotation: ItemReference,
op.NameAnnotation: name,
},
},
@@ -310,7 +310,7 @@ var tests = []testReconcileItem{
Name: name,
Namespace: namespace,
Annotations: map[string]string{
op.ItemPathAnnotation: itemPath,
op.ItemReferenceAnnotation: ItemReference,
op.NameAnnotation: name,
},
},
@@ -352,7 +352,7 @@ var tests = []testReconcileItem{
Name: name,
Namespace: namespace,
Annotations: map[string]string{
op.ItemPathAnnotation: itemPath,
op.ItemReferenceAnnotation: ItemReference,
op.NameAnnotation: name,
},
},

3
pkg/controller/onepassworditem/onepassworditem_controller.go
View File

@@ -3,6 +3,7 @@ package onepassworditem
import (
"context"
"fmt"
onepasswordv1 "github.com/1Password/onepassword-operator/pkg/apis/onepassword/v1"
kubeSecrets "github.com/1Password/onepassword-operator/pkg/kubernetessecrets"
"github.com/1Password/onepassword-operator/pkg/onepassword"
@@ -145,7 +146,7 @@ func (r *ReconcileOnePasswordItem) HandleOnePasswordItem(resource *onepasswordv1
secretName := resource.GetName()
autoRestart := resource.Annotations[op.RestartDeploymentsAnnotation]
item, err := onepassword.GetOnePasswordItemByPath(r.opConnectClient, resource.Spec.ItemPath)
item, err := onepassword.GetOnePasswordItemByReference(r.opConnectClient, resource.Spec.ItemReference)
if err != nil {
return fmt.Errorf("Failed to retrieve item: %v", err)
}

14
pkg/controller/onepassworditem/onepassworditem_test.go
View File

@@ -55,7 +55,7 @@ var (
"password": []byte(password),
"username": []byte(username),
}
itemPath = fmt.Sprintf("vaults/%v/items/%v", vaultId, itemId)
itemReference = fmt.Sprintf("op://%v/%v", vaultId, itemId)
)
var (
@@ -79,7 +79,7 @@ var tests = []testReconcileItem{
},
},
Spec: onepasswordv1.OnePasswordItemSpec{
ItemPath: itemPath,
ItemReference: itemReference,
},
},
existingSecret: &corev1.Secret{
@@ -111,7 +111,7 @@ var tests = []testReconcileItem{
Namespace: namespace,
},
Spec: onepasswordv1.OnePasswordItemSpec{
ItemPath: itemPath,
ItemReference: itemReference,
},
},
existingSecret: &corev1.Secret{
@@ -152,7 +152,7 @@ var tests = []testReconcileItem{
Namespace: namespace,
},
Spec: onepasswordv1.OnePasswordItemSpec{
ItemPath: itemPath,
ItemReference: itemReference,
},
},
existingSecret: &corev1.Secret{
@@ -193,7 +193,7 @@ var tests = []testReconcileItem{
Namespace: namespace,
},
Spec: onepasswordv1.OnePasswordItemSpec{
ItemPath: itemPath,
ItemReference: itemReference,
},
},
existingSecret: nil,
@@ -225,7 +225,7 @@ var tests = []testReconcileItem{
Namespace: namespace,
},
Spec: onepasswordv1.OnePasswordItemSpec{
ItemPath: itemPath,
ItemReference: itemReference,
},
},
existingSecret: nil,
@@ -257,7 +257,7 @@ var tests = []testReconcileItem{
Namespace: namespace,
},
Spec: onepasswordv1.OnePasswordItemSpec{
ItemPath: itemPath,
ItemReference: itemReference,
},
},
existingSecret: nil,

4
pkg/kubernetessecrets/kubernetes_secrets_builder.go
View File

@@ -23,7 +23,7 @@ const OnepasswordPrefix = "operator.1password.io"
const NameAnnotation = OnepasswordPrefix + "/item-name"
const VersionAnnotation = OnepasswordPrefix + "/item-version"
const restartAnnotation = OnepasswordPrefix + "/last-restarted"
const ItemPathAnnotation = OnepasswordPrefix + "/item-path"
const ItemReferenceAnnotation = OnepasswordPrefix + "/item-reference"
const RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto-restart"
var log = logf.Log
@@ -33,7 +33,7 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa
itemVersion := fmt.Sprint(item.Version)
annotations := map[string]string{
VersionAnnotation: itemVersion,
ItemPathAnnotation: fmt.Sprintf("vaults/%v/items/%v", item.Vault.ID, item.ID),
ItemReferenceAnnotation: fmt.Sprintf("op://%v/%v", item.Vault.ID, item.ID),
}
if autoRestart != "" {
_, err := utils.StringToBool(autoRestart)

21
pkg/kubernetessecrets/kubernetes_secrets_builder_test.go
View File

@@ -3,10 +3,11 @@ package kubernetessecrets
import (
"context"
"fmt"
kubeValidate "k8s.io/apimachinery/pkg/util/validation"
"strings"
"testing"
kubeValidate "k8s.io/apimachinery/pkg/util/validation"
"github.com/1Password/connect-sdk-go/onepassword"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/types"
@@ -42,7 +43,7 @@ func TestCreateKubernetesSecretFromOnePasswordItem(t *testing.T) {
t.Errorf("Secret was not created: %v", err)
}
compareFields(item.Fields, createdSecret.Data, t)
compareAnnotationsToItem(createdSecret.Annotations, item, t)
compareAnnotationsToItem(item.Vault.ID, item.ID, createdSecret.Annotations, item, t)
}
func TestUpdateKubernetesSecretFromOnePasswordItem(t *testing.T) {
@@ -78,7 +79,7 @@ func TestUpdateKubernetesSecretFromOnePasswordItem(t *testing.T) {
t.Errorf("Secret was not found: %v", err)
}
compareFields(newItem.Fields, updatedSecret.Data, t)
compareAnnotationsToItem(updatedSecret.Annotations, newItem, t)
compareAnnotationsToItem(newItem.Vault.ID, newItem.ID, updatedSecret.Annotations, newItem, t)
}
func TestBuildKubernetesSecretData(t *testing.T) {
fields := generateFields(5)
@@ -152,11 +153,7 @@ func TestBuildKubernetesSecretFixesInvalidLabels(t *testing.T) {
}
}
func compareAnnotationsToItem(annotations map[string]string, item onepassword.Item, t *testing.T) {
actualVaultId, actualItemId, err := ParseVaultIdAndItemIdFromPath(annotations[ItemPathAnnotation])
if err != nil {
t.Errorf("Was unable to parse Item Path")
}
func compareAnnotationsToItem(actualVaultId, actualItemId string, annotations map[string]string, item onepassword.Item, t *testing.T) {
if actualVaultId != item.Vault.ID {
t.Errorf("Expected annotation vault id to be %v but was %v", item.Vault.ID, actualVaultId)
}
@@ -196,14 +193,6 @@ func generateFields(numToGenerate int) []*onepassword.ItemField {
return fields
}
func ParseVaultIdAndItemIdFromPath(path string) (string, string, error) {
splitPath := strings.Split(path, "/")
if len(splitPath) == 4 && splitPath[0] == "vaults" && splitPath[2] == "items" {
return splitPath[1], splitPath[3], nil
}
return "", "", fmt.Errorf("%q is not an acceptable path for One Password item. Must be of the format: `vaults/{vault_id}/items/{item_id}`", path)
}
func validLabel(v string) bool {
if err := kubeValidate.IsDNS1123Subdomain(v); len(err) > 0 {
return false

2
pkg/onepassword/annotations.go
View File

@@ -9,7 +9,7 @@ import (
const (
OnepasswordPrefix = "operator.1password.io"
ItemPathAnnotation = OnepasswordPrefix + "/item-path"
ItemReferenceAnnotation = OnepasswordPrefix + "/item-reference"
NameAnnotation = OnepasswordPrefix + "/item-name"
VersionAnnotation = OnepasswordPrefix + "/item-version"
RestartAnnotation = OnepasswordPrefix + "/last-restarted"

4
pkg/onepassword/annotations_test.go
View File

@@ -22,7 +22,7 @@ func TestFilterAnnotations(t *testing.T) {
if len(filteredAnnotations) != 2 {
t.Errorf("Unexpected number of filtered annotations returned. Expected 2, got %v", len(filteredAnnotations))
}
_, found := filteredAnnotations[ItemPathAnnotation]
_, found := filteredAnnotations[ItemReferenceAnnotation]
if !found {
t.Errorf("One Password Annotation was filtered when it should not have been")
}
@@ -87,7 +87,7 @@ func TestGetNoAnnotationsForDeployment(t *testing.T) {
func getValidAnnotations() map[string]string {
return map[string]string{
ItemPathAnnotation: "vaults/b3e4c7fc-8bf7-4c22-b8bb-147539f10e4f/items/b3e4c7fc-8bf7-4c22-b8bb-147539f10e4f",
ItemReferenceAnnotation: "op://b3e4c7fc-8bf7-4c22-b8bb-147539f10e4f/b3e4c7fc-8bf7-4c22-b8bb-147539f10e4f",
NameAnnotation: "secretName",
}
}

35
pkg/onepassword/items.go
View File

@@ -11,11 +11,16 @@ import (
var logger = logf.Log.WithName("retrieve_item")
func GetOnePasswordItemByPath(opConnectClient connect.Client, path string) (*onepassword.Item, error) {
vaultValue, itemValue, err := ParseVaultAndItemFromPath(path)
const (
secretReferencePrefix = "op://"
)
func GetOnePasswordItemByReference(opConnectClient connect.Client, reference string) (*onepassword.Item, error) {
vaultValue, itemValue, err := ParseReference(reference)
if err != nil {
return nil, err
}
vaultId, err := getVaultId(opConnectClient, vaultValue)
if err != nil {
return nil, err
@@ -33,12 +38,28 @@ func GetOnePasswordItemByPath(opConnectClient connect.Client, path string) (*one
return item, nil
}
func ParseVaultAndItemFromPath(path string) (string, string, error) {
splitPath := strings.Split(path, "/")
if len(splitPath) == 4 && splitPath[0] == "vaults" && splitPath[2] == "items" {
return splitPath[1], splitPath[3], nil
func ParseReference(reference string) (string, string, error) {
if !strings.HasPrefix(reference, secretReferencePrefix) {
return "", "", fmt.Errorf("secret reference should start with `op://`")
}
return "", "", fmt.Errorf("%q is not an acceptable path for One Password item. Must be of the format: `vaults/{vault_id}/items/{item_id}`", path)
path := strings.TrimPrefix(reference, secretReferencePrefix)
splitPath := strings.Split(path, "/")
if len(splitPath) != 2 {
return "", "", fmt.Errorf("Invalid secret reference : %s. Secret references should match op://<vault>/<item>", reference)
}
vault := splitPath[0]
if vault == "" {
return "", "", fmt.Errorf("Invalid secret reference : %s. Vault can't be empty.", reference)
}
item := splitPath[1]
if item == "" {
return "", "", fmt.Errorf("Invalid secret reference : %s. Item can't be empty.", reference)
}
return vault, item, nil
}
func getVaultId(client connect.Client, vaultIdentifier string) (string, error) {

6
pkg/onepassword/secret_update_handler.go
View File

@@ -110,13 +110,13 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]*
for i := 0; i < len(secrets.Items); i++ {
secret := secrets.Items[i]
itemPath := secret.Annotations[ItemPathAnnotation]
itemReference := secret.Annotations[ItemReferenceAnnotation]
currentVersion := secret.Annotations[VersionAnnotation]
if len(itemPath) == 0 || len(currentVersion) == 0 {
if len(itemReference) == 0 || len(currentVersion) == 0 {
continue
}
item, err := GetOnePasswordItemByPath(h.opConnectClient, secret.Annotations[ItemPathAnnotation])
item, err := GetOnePasswordItemByReference(h.opConnectClient, secret.Annotations[ItemReferenceAnnotation])
if err != nil {
return nil, fmt.Errorf("Failed to retrieve item: %v", err)
}

52
pkg/onepassword/secret_update_handler_test.go
View File

@@ -51,7 +51,7 @@ var (
"password": []byte(password),
"username": []byte(username),
}
itemPath = fmt.Sprintf("vaults/%v/items/%v", vaultId, itemId)
itemReference = fmt.Sprintf("op://%v/%v", vaultId, itemId)
)
var defaultNamespace = &corev1.Namespace{
@@ -74,7 +74,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
NameAnnotation: "unlrelated secret",
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
},
@@ -84,7 +84,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: "old version",
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -96,7 +96,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: fmt.Sprint(itemVersion),
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -150,7 +150,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: "old version",
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -162,7 +162,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: fmt.Sprint(itemVersion),
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -186,7 +186,7 @@ var tests = []testUpdateSecretTask{
Name: name,
Namespace: namespace,
Annotations: map[string]string{
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
NameAnnotation: name,
},
},
@@ -197,7 +197,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: "old version",
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -209,7 +209,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: fmt.Sprint(itemVersion),
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -256,7 +256,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: "old version",
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -268,7 +268,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: fmt.Sprint(itemVersion),
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -292,7 +292,7 @@ var tests = []testUpdateSecretTask{
Name: name,
Namespace: namespace,
Annotations: map[string]string{
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
NameAnnotation: name,
},
},
@@ -303,7 +303,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: fmt.Sprint(itemVersion),
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -315,7 +315,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: fmt.Sprint(itemVersion),
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -370,7 +370,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: "old version",
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -382,7 +382,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: fmt.Sprint(itemVersion),
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -439,7 +439,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: "old version",
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
RestartDeploymentsAnnotation: "true",
},
},
@@ -452,7 +452,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: fmt.Sprint(itemVersion),
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
RestartDeploymentsAnnotation: "true",
},
},
@@ -510,7 +510,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: "old version",
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
RestartDeploymentsAnnotation: "false",
},
},
@@ -523,7 +523,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: fmt.Sprint(itemVersion),
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
RestartDeploymentsAnnotation: "false",
},
},
@@ -581,7 +581,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: "old version",
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -593,7 +593,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: fmt.Sprint(itemVersion),
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -658,7 +658,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: "old version",
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -670,7 +670,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: fmt.Sprint(itemVersion),
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -731,7 +731,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: "old version",
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,
@@ -743,7 +743,7 @@ var tests = []testUpdateSecretTask{
Namespace: namespace,
Annotations: map[string]string{
VersionAnnotation: fmt.Sprint(itemVersion),
ItemPathAnnotation: itemPath,
ItemReferenceAnnotation: itemReference,
},
},
Data: expectedSecretData,