Initial 1Password Operator commit

2025-10-24 08:20:45 +00:00 · 2020-12-10 18:07:27 -04:00
commit 824f54b4fa
2651 changed files with 890643 additions and 0 deletions
--- a/vendor/github.com/1Password/connect-sdk-go/connect/client.go
+++ b/vendor/github.com/1Password/connect-sdk-go/connect/client.go
@@ -0,0 +1,350 @@
+package connect
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+
+	"github.com/1Password/connect-sdk-go/onepassword"
+	opentracing "github.com/opentracing/opentracing-go"
+	"github.com/opentracing/opentracing-go/ext"
+	jaegerClientConfig "github.com/uber/jaeger-client-go/config"
+	"github.com/uber/jaeger-client-go/zipkin"
+)
+
+const (
+	defaultUserAgent = "connect-sdk-go/0.0.1"
+)
+
+// Client Represents an available 1Password Connect API to connect to
+type Client interface {
+	GetVaults() ([]onepassword.Vault, error)
+	GetItem(uuid string, vaultUUID string) (*onepassword.Item, error)
+	GetItems(vaultUUID string) ([]onepassword.Item, error)
+	GetItemByTitle(title string, vaultUUID string) (*onepassword.Item, error)
+	CreateItem(item *onepassword.Item, vaultUUID string) (*onepassword.Item, error)
+	UpdateItem(item *onepassword.Item, vaultUUID string) (*onepassword.Item, error)
+	DeleteItem(item *onepassword.Item, vaultUUID string) error
+}
+
+type httpClient interface {
+	Do(req *http.Request) (*http.Response, error)
+}
+
+const (
+	envHostVariable  = "OP_CONNECT_HOST"
+	envTokenVariable = "OP_CONNECT_TOKEN"
+)
+
+// NewClientFromEnvironment Returns a Secret Service client assuming that your
+// jwt is set in the OP_TOKEN environment variable
+func NewClientFromEnvironment() (Client, error) {
+	host, found := os.LookupEnv(envHostVariable)
+	if !found {
+		return nil, fmt.Errorf("There is no hostname available in the %q variable", envHostVariable)
+	}
+
+	token, found := os.LookupEnv(envTokenVariable)
+	if !found {
+		return nil, fmt.Errorf("There is no token available in the %q variable", envTokenVariable)
+	}
+
+	return NewClient(host, token), nil
+}
+
+// NewClient Returns a Secret Service client for a given url and jwt
+func NewClient(url string, token string) Client {
+	return NewClientWithUserAgent(url, token, defaultUserAgent)
+}
+
+// NewClientWithUserAgent Returns a Secret Service client for a given url and jwt and identifies with userAgent
+func NewClientWithUserAgent(url string, token string, userAgent string) Client {
+	if !opentracing.IsGlobalTracerRegistered() {
+		cfg := jaegerClientConfig.Configuration{}
+		zipkinPropagator := zipkin.NewZipkinB3HTTPHeaderPropagator()
+		cfg.InitGlobalTracer(
+			userAgent,
+			jaegerClientConfig.Injector(opentracing.HTTPHeaders, zipkinPropagator),
+			jaegerClientConfig.Extractor(opentracing.HTTPHeaders, zipkinPropagator),
+			jaegerClientConfig.ZipkinSharedRPCSpan(true),
+		)
+	}
+
+	return &restClient{
+		URL:   url,
+		Token: token,
+
+		userAgent: userAgent,
+		tracer:    opentracing.GlobalTracer(),
+
+		client: http.DefaultClient,
+	}
+}
+
+type restClient struct {
+	URL       string
+	Token     string
+	userAgent string
+	tracer    opentracing.Tracer
+	client    httpClient
+}
+
+// GetVaults Get a list of all available vaults
+func (rs *restClient) GetVaults() ([]onepassword.Vault, error) {
+	span := rs.tracer.StartSpan("GetVaults")
+	defer span.Finish()
+
+	vaultURL := fmt.Sprintf("/v1/vaults")
+	request, err := rs.buildRequest(http.MethodGet, vaultURL, http.NoBody, span)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := rs.client.Do(request)
+	if err != nil {
+		return nil, err
+	}
+
+	if response.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("Unable to retrieve vaults. Receieved %q for %q", response.Status, vaultURL)
+	}
+
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	vaults := []onepassword.Vault{}
+	if err := json.Unmarshal(body, &vaults); err != nil {
+		return nil, err
+	}
+
+	return vaults, nil
+}
+
+// GetItem Get a specific Item from the 1Password Connect API
+func (rs *restClient) GetItem(uuid string, vaultUUID string) (*onepassword.Item, error) {
+	span := rs.tracer.StartSpan("GetItem")
+	defer span.Finish()
+
+	itemURL := fmt.Sprintf("/v1/vaults/%s/items/%s", vaultUUID, uuid)
+	request, err := rs.buildRequest(http.MethodGet, itemURL, http.NoBody, span)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := rs.client.Do(request)
+	if err != nil {
+		return nil, err
+	}
+
+	if response.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("Unable to retrieve item. Receieved %q for %q", response.Status, itemURL)
+	}
+
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	item := onepassword.Item{}
+	if err := json.Unmarshal(body, &item); err != nil {
+		return nil, err
+	}
+
+	return &item, nil
+}
+
+func (rs *restClient) GetItemByTitle(title string, vaultUUID string) (*onepassword.Item, error) {
+	span := rs.tracer.StartSpan("GetItemByTitle")
+	defer span.Finish()
+
+	filter := url.QueryEscape(fmt.Sprintf("title eq \"%s\"", title))
+	itemURL := fmt.Sprintf("/v1/vaults/%s/items?filter=%s", vaultUUID, filter)
+	request, err := rs.buildRequest(http.MethodGet, itemURL, http.NoBody, span)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := rs.client.Do(request)
+	if err != nil {
+		return nil, err
+	}
+
+	if response.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("Unable to retrieve item. Receieved %q for %q", response.Status, itemURL)
+	}
+
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	items := []onepassword.Item{}
+	if err := json.Unmarshal(body, &items); err != nil {
+		return nil, err
+	}
+
+	if len(items) != 1 {
+		return nil, fmt.Errorf("Found %d item(s) in vault %q with title %q", len(items), vaultUUID, title)
+	}
+
+	return rs.GetItem(items[0].ID, items[0].Vault.ID)
+}
+
+func (rs *restClient) GetItems(vaultUUID string) ([]onepassword.Item, error) {
+	span := rs.tracer.StartSpan("GetItems")
+	defer span.Finish()
+
+	itemURL := fmt.Sprintf("/v1/vaults/%s/items", vaultUUID)
+	request, err := rs.buildRequest(http.MethodGet, itemURL, http.NoBody, span)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := rs.client.Do(request)
+	if err != nil {
+		return nil, err
+	}
+
+	if response.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("Unable to retrieve items. Receieved %q for %q", response.Status, itemURL)
+	}
+
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	items := []onepassword.Item{}
+	if err := json.Unmarshal(body, &items); err != nil {
+		return nil, err
+	}
+
+	return items, nil
+}
+
+// CreateItem Create a new item in a specified vault
+func (rs *restClient) CreateItem(item *onepassword.Item, vaultUUID string) (*onepassword.Item, error) {
+	span := rs.tracer.StartSpan("CreateItem")
+	defer span.Finish()
+
+	itemURL := fmt.Sprintf("/v1/vaults/%s/items", vaultUUID)
+	itemBody, err := json.Marshal(item)
+	if err != nil {
+		return nil, err
+	}
+
+	request, err := rs.buildRequest(http.MethodPost, itemURL, bytes.NewBuffer(itemBody), span)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := rs.client.Do(request)
+	if err != nil {
+		return nil, err
+	}
+
+	if response.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("Unable to create item. Receieved %q for %q", response.Status, itemURL)
+	}
+
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	newItem := onepassword.Item{}
+	if err := json.Unmarshal(body, &newItem); err != nil {
+		return nil, err
+	}
+
+	return &newItem, nil
+}
+
+// UpdateItem Update a new item in a specified vault
+func (rs *restClient) UpdateItem(item *onepassword.Item, vaultUUID string) (*onepassword.Item, error) {
+	span := rs.tracer.StartSpan("UpdateItem")
+	defer span.Finish()
+
+	itemURL := fmt.Sprintf("/v1/vaults/%s/items/%s", item.Vault.ID, item.ID)
+	itemBody, err := json.Marshal(item)
+	if err != nil {
+		return nil, err
+	}
+
+	request, err := rs.buildRequest(http.MethodPut, itemURL, bytes.NewBuffer(itemBody), span)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := rs.client.Do(request)
+	if err != nil {
+		return nil, err
+	}
+
+	if response.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("Unable to update item. Receieved %q for %q", response.Status, itemURL)
+	}
+
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	newItem := onepassword.Item{}
+	if err := json.Unmarshal(body, &newItem); err != nil {
+		return nil, err
+	}
+
+	return &newItem, nil
+}
+
+// DeleteItem Delete a new item in a specified vault
+func (rs *restClient) DeleteItem(item *onepassword.Item, vaultUUID string) error {
+	span := rs.tracer.StartSpan("DeleteItem")
+	defer span.Finish()
+
+	itemURL := fmt.Sprintf("/v1/vaults/%s/items/%s", item.Vault.ID, item.ID)
+	request, err := rs.buildRequest(http.MethodDelete, itemURL, http.NoBody, span)
+	if err != nil {
+		return err
+	}
+
+	response, err := rs.client.Do(request)
+	if err != nil {
+		return err
+	}
+
+	if response.StatusCode != http.StatusNoContent {
+		return fmt.Errorf("Unable to retrieve item. Receieved %q for %q", response.Status, itemURL)
+	}
+
+	return nil
+}
+
+func (rs *restClient) buildRequest(method string, path string, body io.Reader, span opentracing.Span) (*http.Request, error) {
+	url := fmt.Sprintf("%s%s", rs.URL, path)
+
+	request, err := http.NewRequest(method, url, body)
+	if err != nil {
+		return nil, err
+	}
+
+	request.Header.Set("Content-Type", "application/json")
+	request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", rs.Token))
+	request.Header.Set("User-Agent", rs.userAgent)
+
+	ext.SpanKindRPCClient.Set(span)
+	ext.HTTPUrl.Set(span, path)
+	ext.HTTPMethod.Set(span, method)
+
+	rs.tracer.Inject(span.Context(), opentracing.HTTPHeaders, opentracing.HTTPHeadersCarrier(request.Header))
+
+	return request, nil
+}
--- a/vendor/github.com/1Password/connect-sdk-go/connect/config.go
+++ b/vendor/github.com/1Password/connect-sdk-go/connect/config.go
@@ -0,0 +1,172 @@
+package connect
+
+import (
+	"fmt"
+	"os"
+	"reflect"
+	"strconv"
+	"strings"
+
+	"github.com/1Password/connect-sdk-go/onepassword"
+)
+
+const (
+	vaultTag = "opvault"
+	itemTag  = "opitem"
+	fieldTag = "opfield"
+
+	envVaultVar = "OP_VAULT"
+)
+
+type parsedItem struct {
+	vaultUUID string
+	itemTitle string
+	fields    []*reflect.StructField
+	values    []*reflect.Value
+}
+
+// Load Load configuration values based on strcut tag
+func Load(client Client, i interface{}) error {
+	configP := reflect.ValueOf(i)
+	if configP.Kind() != reflect.Ptr {
+		return fmt.Errorf("You must pass a pointer to Config struct")
+	}
+
+	config := configP.Elem()
+	if config.Kind() != reflect.Struct {
+		return fmt.Errorf("Config values can only be loaded into a struct")
+	}
+
+	t := config.Type()
+
+	// Multiple fields may be from a single item so we will collect them
+	items := map[string]parsedItem{}
+
+	// Fetch the Vault from the environment
+	vaultUUID, envVarFound := os.LookupEnv(envVaultVar)
+
+	for i := 0; i < t.NumField(); i++ {
+		value := config.Field(i)
+		field := t.Field(i)
+		tag := field.Tag.Get(itemTag)
+
+		if tag == "" {
+			continue
+		}
+
+		if !value.CanSet() {
+			return fmt.Errorf("Cannot load config into private fields")
+		}
+
+		itemVault, err := vaultUUIDForField(&field, vaultUUID, envVarFound)
+		if err != nil {
+			return err
+		}
+
+		key := fmt.Sprintf("%s/%s", itemVault, tag)
+		parsed := items[key]
+		parsed.vaultUUID = itemVault
+		parsed.itemTitle = tag
+		parsed.fields = append(parsed.fields, &field)
+		parsed.values = append(parsed.values, &value)
+		items[key] = parsed
+	}
+
+	for _, item := range items {
+		if err := setValuesForTag(client, &item); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func vaultUUIDForField(field *reflect.StructField, vaultUUID string, envVaultFound bool) (string, error) {
+	// Check to see if a specific vault has been specified on the field
+	// If the env vault id has not been found and item doesn't have a vault
+	// return an error
+	if vaultUUIDTag := field.Tag.Get(vaultTag); vaultUUIDTag == "" {
+		if !envVaultFound {
+			return "", fmt.Errorf("There is no vault for %q field", field.Name)
+		}
+	} else {
+		return vaultUUIDTag, nil
+	}
+
+	return vaultUUID, nil
+}
+
+func setValuesForTag(client Client, parsedItem *parsedItem) error {
+	item, err := client.GetItemByTitle(parsedItem.itemTitle, parsedItem.vaultUUID)
+	if err != nil {
+		return err
+	}
+
+	for i, field := range parsedItem.fields {
+		value := parsedItem.values[i]
+		path := field.Tag.Get(fieldTag)
+		if path == "" {
+			if field.Type == reflect.TypeOf(onepassword.Item{}) {
+				value.Set(reflect.ValueOf(*item))
+				return nil
+			}
+			return fmt.Errorf("There is no %q specified for %q", fieldTag, field.Name)
+		}
+
+		pathParts := strings.Split(path, ".")
+
+		if len(pathParts) != 2 {
+			return fmt.Errorf("Invalid field path format for %q", field.Name)
+		}
+
+		sectionID := sectionIDForName(pathParts[0], item.Sections)
+		label := pathParts[1]
+
+		for _, f := range item.Fields {
+			fieldSectionID := ""
+			if f.Section != nil {
+				fieldSectionID = f.Section.ID
+			}
+
+			if fieldSectionID == sectionID && f.Label == label {
+				if err := setValue(value, f.Value); err != nil {
+					return err
+				}
+				break
+			}
+		}
+	}
+
+	return nil
+}
+
+func setValue(value *reflect.Value, toSet string) error {
+	switch value.Kind() {
+	case reflect.String:
+		value.SetString(toSet)
+	case reflect.Int:
+		v, err := strconv.Atoi(toSet)
+		if err != nil {
+			return err
+		}
+		value.SetInt(int64(v))
+	default:
+		return fmt.Errorf("Unsupported type %q. Only string, int64, and onepassword.Item are supported", value.Kind())
+	}
+
+	return nil
+}
+
+func sectionIDForName(name string, sections []*onepassword.ItemSection) string {
+	if sections == nil {
+		return ""
+	}
+
+	for _, s := range sections {
+		if name == strings.ToLower(s.Label) {
+			return s.ID
+		}
+	}
+
+	return ""
+}
--- a/vendor/github.com/1Password/connect-sdk-go/onepassword/items.go
+++ b/vendor/github.com/1Password/connect-sdk-go/onepassword/items.go
@@ -0,0 +1,106 @@
+package onepassword
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// ItemCategory Represents the template of the Item
+type ItemCategory string
+
+const (
+	Login                ItemCategory = "LOGIN"
+	Password             ItemCategory = "PASSWORD"
+	Server               ItemCategory = "SERVER"
+	Database             ItemCategory = "DATABASE"
+	CreditCard           ItemCategory = "CREDIT_CARD"
+	Membership           ItemCategory = "MEMBERSHIP"
+	Passport             ItemCategory = "PASSPORT"
+	SoftwareLicense      ItemCategory = "SOFTWARE_LICENSE"
+	OutdoorLicense       ItemCategory = "OUTDOOR_LICENSE"
+	SecureNote           ItemCategory = "SECURE_NOTE"
+	WirelessRouter       ItemCategory = "WIRELESS_ROUTER"
+	BankAccount          ItemCategory = "BANK_ACCOUNT"
+	DriverLicense        ItemCategory = "DRIVER_LICENSE"
+	Identity             ItemCategory = "IDENTITY"
+	RewardProgram        ItemCategory = "REWARD_PROGRAM"
+	Document             ItemCategory = "DOCUMENT"
+	EmailAccount         ItemCategory = "EMAIL_ACCOUNT"
+	SocialSecurityNumber ItemCategory = "SOCIAL_SECURITY_NUMBER"
+	Custom               ItemCategory = "CUSTOM"
+)
+
+// UnmarshalJSON Unmarshall Item Category enum strings to Go string enums
+func (ic *ItemCategory) UnmarshalJSON(b []byte) error {
+	var s string
+	json.Unmarshal(b, &s)
+	category := ItemCategory(s)
+	switch category {
+	case Login, Password, Server, Database, CreditCard, Membership, Passport, SoftwareLicense,
+		OutdoorLicense, SecureNote, WirelessRouter, BankAccount, DriverLicense, Identity, RewardProgram,
+		Document, EmailAccount, SocialSecurityNumber:
+		*ic = category
+	default:
+		*ic = Custom
+	}
+
+	return nil
+}
+
+// Item represents an item returned to the consumer
+type Item struct {
+	ID    string `json:"id"`
+	Title string `json:"title"`
+
+	URLs     []ItemURL `json:"urls,omitempty"`
+	Favorite bool      `json:"favorite,omitempty"`
+	Tags     []string  `json:"tags,omitempty"`
+	Version  int       `json:"version,omitempty"`
+	Trashed  bool      `json:"trashed,omitempty"`
+
+	Vault    ItemVault    `json:"vault"`
+	Category ItemCategory `json:"category,omitempty"` // TODO: switch this to `category`
+
+	Sections []*ItemSection `json:"sections,omitempty"`
+	Fields   []*ItemField   `json:"fields,omitempty"`
+
+	LastEditedBy string    `json:"lastEditedBy,omitempty"`
+	CreatedAt    time.Time `json:"createdAt,omitempty"`
+	UpdatedAt    time.Time `json:"updatedAt,omitempty"`
+}
+
+// ItemVault represents the Vault the Item is found in
+type ItemVault struct {
+	ID string `json:"id"`
+}
+
+// ItemURL is a simplified item URL
+type ItemURL struct {
+	Primary bool   `json:"primary,omitempty"`
+	URL     string `json:"href"`
+}
+
+// ItemSection Representation of a Section on an item
+type ItemSection struct {
+	ID    string `json:"id,omitempty"`
+	Label string `json:"label,omitempty"`
+}
+
+// GeneratorRecipe Representation of a "recipe" used to generate a field
+type GeneratorRecipe struct {
+	Length        int      `json:"length,omitempty"`
+	CharacterSets []string `json:"characterSets,omitempty"`
+}
+
+// ItemField Representation of a single field on an Item
+type ItemField struct {
+	ID       string           `json:"id"`
+	Section  *ItemSection     `json:"section,omitempty"`
+	Type     string           `json:"type"`
+	Purpose  string           `json:"purpose,omitempty"`
+	Label    string           `json:"label,omitempty"`
+	Value    string           `json:"value,omitempty"`
+	Generate bool             `json:"generate,omitempty"`
+	Recipe   *GeneratorRecipe `json:"recipe,omitempty"`
+	Entropy  float64          `json:"entropy,omitempty"`
+}
--- a/vendor/github.com/1Password/connect-sdk-go/onepassword/vaults.go
+++ b/vendor/github.com/1Password/connect-sdk-go/onepassword/vaults.go
@@ -0,0 +1,46 @@
+package onepassword
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// Vault represents a 1password Vault
+type Vault struct {
+	ID          string `json:"id"`
+	Name        string `json:"name,omitempty"`
+	Description string `json:"description,omitempty"`
+
+	AttrVersion    int       `json:"attributeVersion,omitempty"`
+	ContentVersoin int       `json:"contentVersion,omitempty"`
+	Items          int       `json:"items,omitempty"`
+	Type           VaultType `json:"type,omitempty"`
+
+	CreatedAt time.Time `json:"createdAt,omitempty"`
+	UpdatedAt time.Time `json:"updatedAt,omitempty"`
+}
+
+// VaultType Representation of what the Vault Type is
+type VaultType string
+
+const (
+	PersonalVault    VaultType = "PERSONAL"
+	EveryoneVault    VaultType = "EVERYONE"
+	TransferVault    VaultType = "TRANSFER"
+	UserCreatedVault VaultType = "USER_CREATED"
+	UnknownVault     VaultType = "UNKNOWN"
+)
+
+// UnmarshalJSON Unmarshall Vault Type enum strings to Go string enums
+func (vt *VaultType) UnmarshalJSON(b []byte) error {
+	var s string
+	json.Unmarshal(b, &s)
+	vaultType := VaultType(s)
+	switch vaultType {
+	case PersonalVault, EveryoneVault, TransferVault, UserCreatedVault:
+		*vt = vaultType
+	default:
+		*vt = UnknownVault
+	}
+	return nil
+}