From bd96d50a9ba90345c49c0b450dea0c704ec8c13a Mon Sep 17 00:00:00 2001 From: mcmarkj Date: Fri, 28 May 2021 16:39:00 +0100 Subject: [PATCH 1/8] Add Labels & Annotations from OPObject to Secret --- .../deployment/deployment_controller.go | 4 ++- .../onepassworditem_controller.go | 6 +++-- .../kubernetes_secrets_builder.go | 25 ++++++++++++++----- .../kubernetes_secrets_builder_test.go | 19 +++++++++++--- pkg/onepassword/secret_update_handler.go | 2 +- 5 files changed, 42 insertions(+), 14 deletions(-) diff --git a/pkg/controller/deployment/deployment_controller.go b/pkg/controller/deployment/deployment_controller.go index 93ff956..e4fd363 100644 --- a/pkg/controller/deployment/deployment_controller.go +++ b/pkg/controller/deployment/deployment_controller.go @@ -191,6 +191,8 @@ func (r *ReconcileDeployment) HandleApplyingDeployment(namespace string, annotat reqLog := log.WithValues("Request.Namespace", request.Namespace, "Request.Name", request.Name) secretName := annotations[op.NameAnnotation] + secretLabels := map[string]string{} + secretAnnotations := map[string]string{} if len(secretName) == 0 { reqLog.Info("No 'item-name' annotation set. 'item-path' and 'item-name' must be set as annotations to add new secret.") return nil @@ -201,5 +203,5 @@ func (r *ReconcileDeployment) HandleApplyingDeployment(namespace string, annotat return fmt.Errorf("Failed to retrieve item: %v", err) } - return kubeSecrets.CreateKubernetesSecretFromItem(r.kubeClient, secretName, namespace, item, annotations[op.RestartDeploymentsAnnotation]) + return kubeSecrets.CreateKubernetesSecretFromItem(r.kubeClient, secretName, namespace, item, annotations[op.RestartDeploymentsAnnotation], secretLabels, secretAnnotations) } diff --git a/pkg/controller/onepassworditem/onepassworditem_controller.go b/pkg/controller/onepassworditem/onepassworditem_controller.go index 3c808bd..b57721b 100644 --- a/pkg/controller/onepassworditem/onepassworditem_controller.go 
+++ b/pkg/controller/onepassworditem/onepassworditem_controller.go @@ -144,12 +144,14 @@ func (r *ReconcileOnePasswordItem) removeOnePasswordFinalizerFromOnePasswordItem func (r *ReconcileOnePasswordItem) HandleOnePasswordItem(resource *onepasswordv1.OnePasswordItem, request reconcile.Request) error { secretName := resource.GetName() - autoRestart := resource.Annotations[op.RestartDeploymentsAnnotation] + labels := resource.Labels + annotations := resource.Annotations + autoRestart := annotations[op.RestartDeploymentsAnnotation] item, err := onepassword.GetOnePasswordItemByPath(r.opConnectClient, resource.Spec.ItemPath) if err != nil { return fmt.Errorf("Failed to retrieve item: %v", err) } - return kubeSecrets.CreateKubernetesSecretFromItem(r.kubeClient, secretName, resource.Namespace, item, autoRestart) + return kubeSecrets.CreateKubernetesSecretFromItem(r.kubeClient, secretName, resource.Namespace, item, autoRestart, labels, annotations) } diff --git a/pkg/kubernetessecrets/kubernetes_secrets_builder.go b/pkg/kubernetessecrets/kubernetes_secrets_builder.go index 0c658f7..76671ef 100644 --- a/pkg/kubernetessecrets/kubernetes_secrets_builder.go +++ b/pkg/kubernetessecrets/kubernetes_secrets_builder.go 
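Review bot: `annotations := resource.Annotations` in HandleOnePasswordItem hands the OnePasswordItem's whole annotation map to the Secret, so annotations that describe the custom resource rather than the Secret travel with it — for a kubectl-applied object that includes `kubectl.kubernetes.io/last-applied-configuration` — and the map is the cached object's own, not a copy. The Deployment path in patch 8 (the `CreateKubernetesSecretFromItem(..., secretLabels, annotations)` hunk of deployment_controller.go) has the same shape, there with the Deployment's annotations. Forwarding a fresh map built by looping over `resource.Annotations` and skipping keys that belong to the source object (the kubectl prefix at minimum) would keep the Secret's metadata to what the user intends and stop later writes from reaching the cache.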
@@ -23,22 +23,34 @@ const RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto-restart" var log = logf.Log -func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretName, namespace string, item *onepassword.Item, autoRestart string) error { + +func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretName, namespace string, item *onepassword.Item, autoRestart string, labels map[string]string, annotations map[string]string) error { itemVersion := fmt.Sprint(item.Version) - annotations := map[string]string{ + + // Remove OP Annotations if they already exist + delete(annotations,VersionAnnotation) + delete(annotations,ItemPathAnnotation) + + secretAnnotations := map[string]string{ VersionAnnotation: itemVersion, ItemPathAnnotation: fmt.Sprintf("vaults/%v/items/%v", item.Vault.ID, item.ID), } + + // Merge the original annotations map, with our new secretAnnotations map + for k, v := range annotations { + secretAnnotations[k] = v + } + if autoRestart != "" { _, err := utils.StringToBool(autoRestart) if err != nil { log.Error(err, "Error parsing %v annotation on Secret %v. Must be true or false. Defaulting to false.", RestartDeploymentsAnnotation, secretName) return err } - annotations[RestartDeploymentsAnnotation] = autoRestart + secretAnnotations[RestartDeploymentsAnnotation] = autoRestart } - secret := BuildKubernetesSecretFromOnePasswordItem(secretName, namespace, annotations, *item) + secret := BuildKubernetesSecretFromOnePasswordItem(secretName, namespace, secretAnnotations, labels, *item) currentSecret := &corev1.Secret{} err := kubeClient.Get(context.Background(), types.NamespacedName{Name: secret.Name, Namespace: secret.Namespace}, currentSecret) 
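Review bot: `delete(annotations, VersionAnnotation)` and `delete(annotations, ItemPathAnnotation)` mutate the map the caller passed in, which for the OnePasswordItem controller is the resource's own `Annotations` map; they exist only so that the merge loop below cannot overwrite the operator's values. Setting the operator keys after the loop achieves that without touching the caller's map: drop the two `delete` lines and move `secretAnnotations[VersionAnnotation] = itemVersion` and the `ItemPathAnnotation` assignment below the `for k, v := range annotations` loop. Patch 4's rewrite of this hunk keeps the aliasing by assigning the operator keys straight into the `secretAnnotations` parameter, so the same copy-first approach applies there. CreateKubernetesSecretFromItem continues past the end of this hunk.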
@@ -51,7 +63,7 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa if currentSecret.Annotations[VersionAnnotation] != itemVersion { log.Info(fmt.Sprintf("Updating Secret %v at namespace '%v'", secret.Name, secret.Namespace)) - currentSecret.ObjectMeta.Annotations = annotations + currentSecret.ObjectMeta.Annotations = secretAnnotations currentSecret.Data = secret.Data return kubeClient.Update(context.Background(), currentSecret) } @@ -60,12 +72,13 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa return nil } -func BuildKubernetesSecretFromOnePasswordItem(name, namespace string, annotations map[string]string, item onepassword.Item) *corev1.Secret { +func BuildKubernetesSecretFromOnePasswordItem(name, namespace string, annotations map[string]string, labels map[string]string, item onepassword.Item) *corev1.Secret { return &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: namespace, Annotations: annotations, + Labels: labels, }, Data: BuildKubernetesSecretData(item.Fields), } diff --git a/pkg/kubernetessecrets/kubernetes_secrets_builder_test.go b/pkg/kubernetessecrets/kubernetes_secrets_builder_test.go index cb331c6..c1913c8 100644 --- a/pkg/kubernetessecrets/kubernetes_secrets_builder_test.go +++ b/pkg/kubernetessecrets/kubernetes_secrets_builder_test.go @@ -30,7 +30,11 @@ func TestCreateKubernetesSecretFromOnePasswordItem(t *testing.T) { item.ID = "h46bb3jddvay7nxopfhvlwg35q" kubeClient := fake.NewFakeClient() - err := CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &item, restartDeploymentAnnotation) + secretLabels := map[string]string{} + secretAnnotations := map[string]string{ + "testAnnotation": "exists", + } + err := CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &item, restartDeploymentAnnotation, secretLabels, secretAnnotations) if err != nil { t.Errorf("Unexpected error: %v", err) } 
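Review bot: BuildKubernetesSecretFromOnePasswordItem is exported and gains a `labels` parameter but still carries no doc comment, and nothing tells a caller that the returned Secret keeps the `annotations` and `labels` maps by reference rather than copying them. Suggested comment above the signature: `// BuildKubernetesSecretFromOnePasswordItem builds a Secret named name in namespace whose metadata uses the given annotations and labels maps as-is and whose Data is derived from item.Fields.` Stating the by-reference contract matters here because CreateKubernetesSecretFromItem later assigns the same maps onto the existing Secret it updates.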
@@ -42,6 +46,10 @@ func TestCreateKubernetesSecretFromOnePasswordItem(t *testing.T) { } compareFields(item.Fields, createdSecret.Data, t) compareAnnotationsToItem(createdSecret.Annotations, item, t) + + if createdSecret.Annotations["testAnnotation"] != "exists" { + t.Errorf("Expected testAnntion to be merged with existing annotations, but wasn't.") + } } func TestUpdateKubernetesSecretFromOnePasswordItem(t *testing.T) { @@ -55,7 +63,9 @@ func TestUpdateKubernetesSecretFromOnePasswordItem(t *testing.T) { item.ID = "h46bb3jddvay7nxopfhvlwg35q" kubeClient := fake.NewFakeClient() - err := CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &item, restartDeploymentAnnotation) + secretLabels := map[string]string{} + secretAnnotations := map[string]string{} + err := CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &item, restartDeploymentAnnotation, secretLabels, secretAnnotations) if err != nil { t.Errorf("Unexpected error: %v", err) } @@ -66,7 +76,7 @@ func TestUpdateKubernetesSecretFromOnePasswordItem(t *testing.T) { newItem.Version = 456 newItem.Vault.ID = "hfnjvi6aymbsnfc2xeeoheizda" newItem.ID = "h46bb3jddvay7nxopfhvlwg35q" - err = CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &newItem, restartDeploymentAnnotation) + err = CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &newItem, restartDeploymentAnnotation, secretLabels, secretAnnotations) if err != nil { t.Errorf("Unexpected error: %v", err) } @@ -99,8 +109,9 @@ func TestBuildKubernetesSecretFromOnePasswordItem(t *testing.T) { } item := onepassword.Item{} item.Fields = generateFields(5) + labels := map[string]string{} - kubeSecret := BuildKubernetesSecretFromOnePasswordItem(name, namespace, annotations, item) + kubeSecret := BuildKubernetesSecretFromOnePasswordItem(name, namespace, annotations, labels, item) if kubeSecret.Name != name { t.Errorf("Expected name value: %v but got: %v", name, kubeSecret.Name) } 
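Review bot: The new assertion only covers annotation merging; `secretLabels` is an empty map in every call, so nothing checks that labels reach `createdSecret.Labels` or that a changed label drives the update path in TestUpdateKubernetesSecretFromOnePasswordItem. Add a non-empty label, e.g. `secretLabels := map[string]string{"testLabel": "exists"}`, and assert `createdSecret.Labels["testLabel"] == "exists"` after the Get. Because the test maps never contain the operator's own keys, the precedence the `delete` calls in CreateKubernetesSecretFromItem are meant to enforce is also unexercised; a map that pre-populates `VersionAnnotation` with a stale value would pin it.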
diff --git a/pkg/onepassword/secret_update_handler.go b/pkg/onepassword/secret_update_handler.go index cb1f659..ad2e8d6 100644 --- a/pkg/onepassword/secret_update_handler.go +++ b/pkg/onepassword/secret_update_handler.go @@ -131,7 +131,7 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]* } log.Info(fmt.Sprintf("Updating kubernetes secret '%v'", secret.GetName())) secret.Annotations[VersionAnnotation] = itemVersion - updatedSecret := kubeSecrets.BuildKubernetesSecretFromOnePasswordItem(secret.Name, secret.Namespace, secret.Annotations, *item) + updatedSecret := kubeSecrets.BuildKubernetesSecretFromOnePasswordItem(secret.Name, secret.Namespace, secret.Annotations, secret.Labels, *item) h.client.Update(context.Background(), updatedSecret) if updatedSecrets[secret.Namespace] == nil { updatedSecrets[secret.Namespace] = make(map[string]*corev1.Secret) From ea2d1f8a09ccce72ab731b8b679aaab1d7bff252 Mon Sep 17 00:00:00 2001 From: mcmarkj Date: Fri, 28 May 2021 18:11:10 +0100 Subject: [PATCH 2/8] Typo --- pkg/kubernetessecrets/kubernetes_secrets_builder_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/kubernetessecrets/kubernetes_secrets_builder_test.go b/pkg/kubernetessecrets/kubernetes_secrets_builder_test.go index c1913c8..a1ec7e9 100644 --- a/pkg/kubernetessecrets/kubernetes_secrets_builder_test.go +++ b/pkg/kubernetessecrets/kubernetes_secrets_builder_test.go @@ -48,7 +48,7 @@ func TestCreateKubernetesSecretFromOnePasswordItem(t *testing.T) { compareAnnotationsToItem(createdSecret.Annotations, item, t) if createdSecret.Annotations["testAnnotation"] != "exists" { - t.Errorf("Expected testAnntion to be merged with existing annotations, but wasn't.") + t.Errorf("Expected testAnnotation to be merged with existing annotations, but wasn't.") } } From a428fe74620e9d36267005b7079f38bb32a28101 Mon Sep 17 00:00:00 2001 
From: mcmarkj Date: Fri, 28 May 2021 18:15:17 +0100 Subject: [PATCH 3/8] GoFMT --- pkg/kubernetessecrets/kubernetes_secrets_builder.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/pkg/kubernetessecrets/kubernetes_secrets_builder.go b/pkg/kubernetessecrets/kubernetes_secrets_builder.go index 76671ef..2929363 100644 --- a/pkg/kubernetessecrets/kubernetes_secrets_builder.go +++ b/pkg/kubernetessecrets/kubernetes_secrets_builder.go @@ -23,14 +23,13 @@ const RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto-restart" var log = logf.Log - func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretName, namespace string, item *onepassword.Item, autoRestart string, labels map[string]string, annotations map[string]string) error { itemVersion := fmt.Sprint(item.Version) // Remove OP Annotations if they already exist - delete(annotations,VersionAnnotation) - delete(annotations,ItemPathAnnotation) + delete(annotations, VersionAnnotation) + delete(annotations, ItemPathAnnotation) secretAnnotations := map[string]string{ VersionAnnotation: itemVersion, @@ -78,7 +77,7 @@ func BuildKubernetesSecretFromOnePasswordItem(name, namespace string, annotation Name: name, Namespace: namespace, Annotations: annotations, - Labels: labels, + Labels: labels, }, Data: BuildKubernetesSecretData(item.Fields), } From fb1262f1bd133428a09de1c7c88b0288373011fd Mon Sep 17 00:00:00 2001 From: mcmarkj Date: Mon, 7 Jun 2021 21:51:44 +0100 Subject: [PATCH 4/8] PR Feedback' --- .../kubernetes_secrets_builder.go | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/pkg/kubernetessecrets/kubernetes_secrets_builder.go b/pkg/kubernetessecrets/kubernetes_secrets_builder.go index 2929363..280c972 100644 --- a/pkg/kubernetessecrets/kubernetes_secrets_builder.go +++ b/pkg/kubernetessecrets/kubernetes_secrets_builder.go 
@@ -23,23 +23,17 @@ const RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto-restart" var log = logf.Log -func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretName, namespace string, item *onepassword.Item, autoRestart string, labels map[string]string, annotations map[string]string) error { +func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretName, namespace string, item *onepassword.Item, autoRestart string, labels map[string]string, secretAnnotations map[string]string) error { itemVersion := fmt.Sprint(item.Version) - // Remove OP Annotations if they already exist - delete(annotations, VersionAnnotation) - delete(annotations, ItemPathAnnotation) - - secretAnnotations := map[string]string{ - VersionAnnotation: itemVersion, - ItemPathAnnotation: fmt.Sprintf("vaults/%v/items/%v", item.Vault.ID, item.ID), + // If secretAnnotations is nil we create an empty map so we can later assign values for the OP Annotations in the map + if secretAnnotations == nil { + secretAnnotations = map[string]string{} } - // Merge the original annotations map, with our new secretAnnotations map - for k, v := range annotations { - secretAnnotations[k] = v - } + secretAnnotations[VersionAnnotation] = itemVersion + secretAnnotations[ItemPathAnnotation] = fmt.Sprintf("vaults/%v/items/%v", item.Vault.ID, item.ID) if autoRestart != "" { _, err := utils.StringToBool(autoRestart) From 2096f4440fb4e6011f1e1e60927e2bc92113820e Mon Sep 17 00:00:00 2001 From: mcmarkj Date: Tue, 3 Aug 2021 21:32:04 +0100 Subject: [PATCH 5/8] add logic for checking for label or annotation updates --- pkg/kubernetessecrets/kubernetes_secrets_builder.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/pkg/kubernetessecrets/kubernetes_secrets_builder.go b/pkg/kubernetessecrets/kubernetes_secrets_builder.go index 280c972..093ede1 100644 --- a/pkg/kubernetessecrets/kubernetes_secrets_builder.go 
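Review bot: CreateKubernetesSecretFromItem is exported, its signature has changed twice in this series, and it still has no doc comment; in particular a caller cannot tell that the `secretAnnotations` map it passes is written to (the nil guard allocates only when nil, otherwise the operator keys land in the caller's map). Suggested comment: `// CreateKubernetesSecretFromItem creates or updates the Secret secretName in namespace from item. The operator's version and item-path annotations are written into secretAnnotations (allocated if nil); autoRestart must be empty or a value utils.StringToBool accepts.` The function body continues beyond the end of this hunk.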
+++ b/pkg/kubernetessecrets/kubernetes_secrets_builder.go @@ -54,9 +54,10 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa return err } - if currentSecret.Annotations[VersionAnnotation] != itemVersion { + if CompareSecretFieldsWithOnePasswordItem(currentSecret.Annotations, secretAnnotations) || CompareSecretFieldsWithOnePasswordItem(currentSecret.Labels, labels) { log.Info(fmt.Sprintf("Updating Secret %v at namespace '%v'", secret.Name, secret.Namespace)) currentSecret.ObjectMeta.Annotations = secretAnnotations + currentSecret.ObjectMeta.Labels = labels currentSecret.Data = secret.Data return kubeClient.Update(context.Background(), currentSecret) } @@ -86,3 +87,13 @@ func BuildKubernetesSecretData(fields []*onepassword.ItemField) map[string][]byt } return secretData } + +func CompareSecretFieldsWithOnePasswordItem(currentSecretsFields map[string]string, expectedFieldsOnSecret map[string]string) bool{ + for key, value := range expectedFieldsOnSecret { + currentValue, exists := currentSecretsFields[key] + if !exists || currentValue != value { + return true + } + } + return false +} \ No newline at end of file From dff934cbc363b3ce212ebb424268e4052c2690e0 Mon Sep 17 00:00:00 2001 From: mcmarkj Date: Wed, 4 Aug 2021 06:33:56 +0100 Subject: [PATCH 6/8] Fix tests --- 1 | 6 ++++++ pkg/controller/deployment/deployment_controller_test.go | 3 +++ pkg/controller/onepassworditem/onepassworditem_test.go | 2 ++ 3 files changed, 11 insertions(+) create mode 100644 1 diff --git a/1 b/1 new file mode 100644 index 0000000..426b912 --- /dev/null +++ b/1 @@ -0,0 +1,6 @@ +Merge branch 'main' of github.com:1Password/onepassword-operator into pass-labels-and-annotations +# Please enter a commit message to explain why this merge is necessary, +# especially if it merges an updated upstream into a topic branch. +# +# Lines starting with '#' will be ignored, and an empty message aborts +# the commit. 
diff --git a/pkg/controller/deployment/deployment_controller_test.go b/pkg/controller/deployment/deployment_controller_test.go index d4b99d2..9ab7a55 100644 --- a/pkg/controller/deployment/deployment_controller_test.go +++ b/pkg/controller/deployment/deployment_controller_test.go @@ -268,6 +268,7 @@ var tests = []testReconcileItem{ Name: name, Namespace: namespace, Annotations: map[string]string{ + op.VersionAnnotation: fmt.Sprint(version), op.ItemPathAnnotation: itemPath, op.NameAnnotation: name, }, @@ -278,6 +279,7 @@ var tests = []testReconcileItem{ Name: name, Namespace: namespace, Annotations: map[string]string{ + op.ItemPathAnnotation: itemPath, op.VersionAnnotation: fmt.Sprint(version), }, }, @@ -289,6 +291,7 @@ var tests = []testReconcileItem{ Name: name, Namespace: namespace, Annotations: map[string]string{ + op.ItemPathAnnotation: itemPath, op.VersionAnnotation: fmt.Sprint(version), }, }, diff --git a/pkg/controller/onepassworditem/onepassworditem_test.go b/pkg/controller/onepassworditem/onepassworditem_test.go index 2639f18..26eb5df 100644 --- a/pkg/controller/onepassworditem/onepassworditem_test.go +++ b/pkg/controller/onepassworditem/onepassworditem_test.go @@ -117,6 +117,7 @@ var tests = []testReconcileItem{ Namespace: namespace, Annotations: map[string]string{ op.VersionAnnotation: fmt.Sprint(version), + op.ItemPathAnnotation: itemPath, }, }, Data: expectedSecretData, @@ -128,6 +129,7 @@ var tests = []testReconcileItem{ Namespace: namespace, Annotations: map[string]string{ op.VersionAnnotation: fmt.Sprint(version), + op.ItemPathAnnotation: itemPath, }, }, Data: expectedSecretData, From c0037526b0698724c7c8d7c1f3fe8b04a61b2ebb Mon Sep 17 00:00:00 2001 From: mcmarkj Date: Sun, 15 Aug 2021 15:32:18 +0100 Subject: [PATCH 7/8] remove commit file --- 1 | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 1 diff --git a/1 b/1 deleted file mode 100644 index 426b912..0000000 --- a/1 +++ /dev/null 
@@ -1,6 +0,0 @@ -Merge branch 'main' of github.com:1Password/onepassword-operator into pass-labels-and-annotations -# Please enter a commit message to explain why this merge is necessary, -# especially if it merges an updated upstream into a topic branch. -# -# Lines starting with '#' will be ignored, and an empty message aborts -# the commit. From f241d7423d0c5952953469d3562d5397a5f2fdd4 Mon Sep 17 00:00:00 2001 From: mcmarkj Date: Thu, 19 Aug 2021 16:11:29 +0100 Subject: [PATCH 8/8] Use deepequal --- pkg/controller/deployment/deployment_controller.go | 5 ++--- .../deployment/deployment_controller_test.go | 11 +++++++---- .../onepassworditem/onepassworditem_test.go | 9 +++++++++ .../kubernetes_secrets_builder.go | 14 ++------------ 4 files changed, 20 insertions(+), 19 deletions(-) diff --git a/pkg/controller/deployment/deployment_controller.go b/pkg/controller/deployment/deployment_controller.go index e4fd363..3b81fdf 100644 --- a/pkg/controller/deployment/deployment_controller.go +++ b/pkg/controller/deployment/deployment_controller.go @@ -191,8 +191,7 @@ func (r *ReconcileDeployment) HandleApplyingDeployment(namespace string, annotat reqLog := log.WithValues("Request.Namespace", request.Namespace, "Request.Name", request.Name) secretName := annotations[op.NameAnnotation] - secretLabels := map[string]string{} - secretAnnotations := map[string]string{} + secretLabels := map[string]string(nil) if len(secretName) == 0 { reqLog.Info("No 'item-name' annotation set. 'item-path' and 'item-name' must be set as annotations to add new secret.") return nil 
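Review bot: `secretLabels := map[string]string(nil)` in HandleApplyingDeployment is a typed-nil conversion whose only purpose is to make the `reflect.DeepEqual(currentSecret.Labels, labels)` check added in the builder hunk of this same commit compare nil with nil; `var secretLabels map[string]string`, or passing `nil` at the call site, says the same thing more plainly. The fragility is in the comparison rather than here: `reflect.DeepEqual` distinguishes a nil map from an empty one, so if either side ever comes back as `map[string]string{}` the condition holds on every reconcile and an Update is issued each time. Normalising both sides (treat `len(m) == 0` on both as equal) or using apimachinery's `equality.Semantic.DeepEqual`, which I believe treats nil and empty maps as equal, would remove the dependence on this typed nil. HandleApplyingDeployment continues outside this hunk.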
@@ -203,5 +202,5 @@ func (r *ReconcileDeployment) HandleApplyingDeployment(namespace string, annotat return fmt.Errorf("Failed to retrieve item: %v", err) } - return kubeSecrets.CreateKubernetesSecretFromItem(r.kubeClient, secretName, namespace, item, annotations[op.RestartDeploymentsAnnotation], secretLabels, secretAnnotations) + return kubeSecrets.CreateKubernetesSecretFromItem(r.kubeClient, secretName, namespace, item, annotations[op.RestartDeploymentsAnnotation], secretLabels, annotations) } diff --git a/pkg/controller/deployment/deployment_controller_test.go b/pkg/controller/deployment/deployment_controller_test.go index 9ab7a55..25ae956 100644 --- a/pkg/controller/deployment/deployment_controller_test.go +++ b/pkg/controller/deployment/deployment_controller_test.go @@ -258,7 +258,7 @@ var tests = []testReconcileItem{ }, }, { - testName: "Test Do not update if OnePassword Item Version has not changed", + testName: "Test Do not update if Annotations have not changed", deploymentResource: &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ Kind: deploymentKind, @@ -268,10 +268,10 @@ var tests = []testReconcileItem{ Name: name, Namespace: namespace, Annotations: map[string]string{ - op.VersionAnnotation: fmt.Sprint(version), op.ItemPathAnnotation: itemPath, op.NameAnnotation: name, }, + Labels: map[string]string{}, }, }, existingSecret: &corev1.Secret{ @@ -279,8 +279,9 @@ var tests = []testReconcileItem{ Name: name, Namespace: namespace, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, op.VersionAnnotation: fmt.Sprint(version), + op.ItemPathAnnotation: itemPath, + op.NameAnnotation: name, }, }, Data: expectedSecretData, @@ -291,9 +292,11 @@ var tests = []testReconcileItem{ Name: name, Namespace: namespace, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, op.VersionAnnotation: fmt.Sprint(version), + op.ItemPathAnnotation: itemPath, + op.NameAnnotation: name, }, + Labels: map[string]string(nil), }, Data: expectedSecretData, }, 
diff --git a/pkg/controller/onepassworditem/onepassworditem_test.go b/pkg/controller/onepassworditem/onepassworditem_test.go index 26eb5df..296ef27 100644 --- a/pkg/controller/onepassworditem/onepassworditem_test.go +++ b/pkg/controller/onepassworditem/onepassworditem_test.go @@ -149,6 +149,11 @@ var tests = []testReconcileItem{ ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: namespace, + Annotations: map[string]string{ + op.VersionAnnotation: fmt.Sprint(version), + op.ItemPathAnnotation: itemPath, + }, + Labels: map[string]string{}, }, Spec: onepasswordv1.OnePasswordItemSpec{ ItemPath: itemPath, @@ -160,7 +165,9 @@ var tests = []testReconcileItem{ Namespace: namespace, Annotations: map[string]string{ op.VersionAnnotation: "456", + op.ItemPathAnnotation: itemPath, }, + Labels: map[string]string{}, }, Data: expectedSecretData, }, @@ -171,7 +178,9 @@ var tests = []testReconcileItem{ Namespace: namespace, Annotations: map[string]string{ op.VersionAnnotation: fmt.Sprint(version), + op.ItemPathAnnotation: itemPath, }, + Labels: map[string]string{}, }, Data: expectedSecretData, }, diff --git a/pkg/kubernetessecrets/kubernetes_secrets_builder.go b/pkg/kubernetessecrets/kubernetes_secrets_builder.go index 093ede1..40f411f 100644 --- a/pkg/kubernetessecrets/kubernetes_secrets_builder.go +++ b/pkg/kubernetessecrets/kubernetes_secrets_builder.go @@ -3,13 +3,13 @@ package kubernetessecrets import ( "context" "fmt" - "github.com/1Password/connect-sdk-go/onepassword" "github.com/1Password/onepassword-operator/pkg/utils" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "reflect" kubernetesClient "sigs.k8s.io/controller-runtime/pkg/client" logf "sigs.k8s.io/controller-runtime/pkg/log" ) 
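Review bot: In the kubernetes_secrets_builder.go import hunk, `"reflect"` is inserted between `k8s.io/apimachinery/pkg/types` and the controller-runtime imports and the blank line after `"fmt"` is removed, so the standard-library group no longer stands apart from the module imports. goimports would emit `"context"`, `"fmt"`, `"reflect"`, then a blank line, then the third-party imports. This is formatting only, but the gofmt-only commit earlier in the series suggests the repository expects it.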
@@ -54,7 +54,7 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa return err } - if CompareSecretFieldsWithOnePasswordItem(currentSecret.Annotations, secretAnnotations) || CompareSecretFieldsWithOnePasswordItem(currentSecret.Labels, labels) { + if ! reflect.DeepEqual(currentSecret.Annotations, secretAnnotations) || ! reflect.DeepEqual(currentSecret.Labels, labels) { log.Info(fmt.Sprintf("Updating Secret %v at namespace '%v'", secret.Name, secret.Namespace)) currentSecret.ObjectMeta.Annotations = secretAnnotations currentSecret.ObjectMeta.Labels = labels @@ -87,13 +87,3 @@ func BuildKubernetesSecretData(fields []*onepassword.ItemField) map[string][]byt } return secretData } - -func CompareSecretFieldsWithOnePasswordItem(currentSecretsFields map[string]string, expectedFieldsOnSecret map[string]string) bool{ - for key, value := range expectedFieldsOnSecret { - currentValue, exists := currentSecretsFields[key] - if !exists || currentValue != value { - return true - } - } - return false -} \ No newline at end of file
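Review bot: `if ! reflect.DeepEqual(...) || ! reflect.DeepEqual(...)` is not gofmt output — gofmt writes `!reflect.DeepEqual(...)` with no space — and the whole condition sits on one long line. Naming the comparison reads better: `metadataChanged := !reflect.DeepEqual(currentSecret.Annotations, secretAnnotations) || !reflect.DeepEqual(currentSecret.Labels, labels)` followed by `if metadataChanged {`. Replacing the version-only check with a full-map comparison also means any annotation or label another actor adds to the Secret is reverted on the next reconcile, since the branch assigns `secretAnnotations` and `labels` wholesale; that is defensible owner semantics, but worth a one-line comment on the condition so it is not mistaken for a bug. CreateKubernetesSecretFromItem continues outside this hunk.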