Also add file data to kubernetes secrets

2025-10-22 07:28:06 +00:00 · 2022-03-24 11:37:24 +01:00
parent 0d9e07f543
commit a903f9b1af
14 changed files with 959 additions and 115 deletions
--- a/pkg/kubernetessecrets/kubernetes_secrets_builder.go
+++ b/pkg/kubernetessecrets/kubernetes_secrets_builder.go
@@ -12,6 +12,7 @@ import (
 	errs "errors"

 	"github.com/1Password/connect-sdk-go/onepassword"
+
 	"github.com/1Password/onepassword-operator/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -94,12 +95,12 @@ func BuildKubernetesSecretFromOnePasswordItem(name, namespace string, annotation
 			Annotations: annotations,
 			Labels:      labels,
 		},
-		Data: BuildKubernetesSecretData(item.Fields),
+		Data: BuildKubernetesSecretData(item.Fields, item.Files),
 		Type: corev1.SecretType(secretType),
 	}
 }

-func BuildKubernetesSecretData(fields []*onepassword.ItemField) map[string][]byte {
+func BuildKubernetesSecretData(fields []*onepassword.ItemField, files []*onepassword.File) map[string][]byte {
 	secretData := map[string][]byte{}
 	for i := 0; i < len(fields); i++ {
 		if fields[i].Value != "" {
@@ -107,6 +108,21 @@ func BuildKubernetesSecretData(fields []*onepassword.ItemField) map[string][]byt
 			secretData[key] = []byte(fields[i].Value)
 		}
 	}
+
+	// populate unpopulated fields from files
+	for _, file := range files {
+		content, err := file.Content()
+		if err != nil {
+			log.Error(err, "Could not load contents of file %s", file.Name)
+			continue
+		}
+		if content != nil {
+			key := file.Name
+			if secretData[key] == nil {
+				secretData[key] = content
+			}
+		}
+	}
 	return secretData
 }