mirror of
				https://github.com/1Password/onepassword-operator.git
				synced 2025-10-26 17:30:47 +00:00 
			
		
		
		
	Compare commits
	
		
			1 Commits
		
	
	
		
			release/v1
			...
			goreleaser
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | 8ee4478c46 | 
							
								
								
									
										36
									
								
								.github/ISSUE_TEMPLATE/bug_report.md
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										36
									
								
								.github/ISSUE_TEMPLATE/bug_report.md
									
									
									
									
										vendored
									
									
								
							| @@ -1,36 +0,0 @@ | |||||||
| --- |  | ||||||
| name: Bug report |  | ||||||
| about: Report bugs and errors found while using the Operator. |  | ||||||
| title: '' |  | ||||||
| labels: bug |  | ||||||
| assignees: '' |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Your environment |  | ||||||
|  |  | ||||||
| <!-- Version of the Operator when the error occurred --> |  | ||||||
| Operator Version: |  | ||||||
|  |  | ||||||
| <!-- What version of the Connect server are you running? |  | ||||||
| You can get this information from the Integrations section in 1Password |  | ||||||
| https://start.1password.com/integrations/active |  | ||||||
| --> |  | ||||||
| Connect Server Version: |  | ||||||
|  |  | ||||||
| <!-- What version of Kubernetes have you deployed the operator to? --> |  | ||||||
| Kubernetes Version: |  | ||||||
|  |  | ||||||
| ## What happened? |  | ||||||
| <!-- Describe the bug or error --> |  | ||||||
|  |  | ||||||
| ## What did you expect to happen? |  | ||||||
| <!-- Describe what should have happened --> |  | ||||||
|  |  | ||||||
| ## Steps to reproduce |  | ||||||
| 1. <!-- Describe Steps to reproduce the issue --> |  | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Notes & Logs |  | ||||||
| <!-- Paste any logs here that may help with debugging. |  | ||||||
| Remember to remove any sensitive information before sharing! --> |  | ||||||
							
								
								
									
										9
									
								
								.github/ISSUE_TEMPLATE/config.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										9
									
								
								.github/ISSUE_TEMPLATE/config.yml
									
									
									
									
										vendored
									
									
								
							| @@ -1,9 +0,0 @@ | |||||||
| # docs: https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser |  | ||||||
| blank_issues_enabled: true |  | ||||||
| contact_links: |  | ||||||
|   - name: 1Password Community |  | ||||||
|     url: https://1password.community/categories/secrets-automation |  | ||||||
|     about: Please ask general Secrets Automation questions here. |  | ||||||
|   - name: 1Password Security Bug Bounty |  | ||||||
|     url: https://bugcrowd.com/agilebits |  | ||||||
|     about: Please report security vulnerabilities here. |  | ||||||
							
								
								
									
										32
									
								
								.github/ISSUE_TEMPLATE/feature_request.md
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										32
									
								
								.github/ISSUE_TEMPLATE/feature_request.md
									
									
									
									
										vendored
									
									
								
							| @@ -1,32 +0,0 @@ | |||||||
| --- |  | ||||||
| name: Feature request |  | ||||||
| about: Suggest an idea for the Operator |  | ||||||
| title: '' |  | ||||||
| labels: feature-request |  | ||||||
| assignees: '' |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ### Summary |  | ||||||
| <!-- Briefly describe the feature in one or two sentences. You can include more details later. --> |  | ||||||
|  |  | ||||||
| ### Use cases |  | ||||||
| <!-- Describe the use cases that make this feature useful to others. |  | ||||||
| The description should help the reader understand why the feature is necessary. |  | ||||||
| The better we understand your use case, the better we can help create an appropriate solution. --> |  | ||||||
|  |  | ||||||
| ### Proposed solution |  | ||||||
| <!-- If you already have an idea for how the feature should work, use this space to describe it. |  | ||||||
| We'll work with you to find a workable approach, and any implementation details are appreciated. |  | ||||||
| --> |  | ||||||
|  |  | ||||||
| ### Is there a workaround to accomplish this today? |  | ||||||
| <!-- If there's a way to accomplish this feature request without changes to the codebase, we'd like to hear it. |  | ||||||
| --> |  | ||||||
|  |  | ||||||
| ### References & Prior Work |  | ||||||
| <!-- If a similar feature was implemented in another project or tool, add a link so we can better understand your request. |  | ||||||
| Links to relevant documentation or RFCs are also appreciated. --> |  | ||||||
|  |  | ||||||
| * <!-- Reference 1 --> |  | ||||||
| * <!-- Reference 2, etc --> |  | ||||||
							
								
								
									
										52
									
								
								.github/workflows/release.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										52
									
								
								.github/workflows/release.yml
									
									
									
									
										vendored
									
									
								
							| @@ -1,15 +1,13 @@ | |||||||
| name: release | name: goreleaser | ||||||
|  |  | ||||||
| on: | on: | ||||||
|   push: |   push: | ||||||
|     tags: |     tags: | ||||||
|       - 'v*' |       - '*' | ||||||
|  |  | ||||||
| jobs: | jobs: | ||||||
|   release-docker: |   goreleaser: | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|     env: |  | ||||||
|       DOCKER_CLI_EXPERIMENTAL: "enabled" |  | ||||||
|     steps: |     steps: | ||||||
|       - |       - | ||||||
|         name: Checkout |         name: Checkout | ||||||
| @@ -17,41 +15,15 @@ jobs: | |||||||
|         with: |         with: | ||||||
|           fetch-depth: 0 |           fetch-depth: 0 | ||||||
|       - |       - | ||||||
|         name: Docker meta |         name: Set up Go | ||||||
|         id: meta |         uses: actions/setup-go@v2 | ||||||
|         uses: crazy-max/ghaction-docker-meta@v2 |  | ||||||
|         with: |         with: | ||||||
|           images: | |           go-version: 1.15 | ||||||
|             1password/onepassword-operator |  | ||||||
|           # Publish image for x.y.z and x.y |  | ||||||
|           # The latest tag is automatically added for semver tags |  | ||||||
|           tags: | |  | ||||||
|             type=semver,pattern={{version}} |  | ||||||
|             type=semver,pattern={{major}}.{{minor}} |  | ||||||
|       - name: Get the version from tag |  | ||||||
|         id: get_version |  | ||||||
|         run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/v} |  | ||||||
|       - |       - | ||||||
|         name: Set up QEMU |         name: Run GoReleaser | ||||||
|         uses: docker/setup-qemu-action@v1 |         uses: goreleaser/goreleaser-action@v2 | ||||||
|       - |  | ||||||
|         name: Set up Docker Buildx |  | ||||||
|         uses: docker/setup-buildx-action@v1 |  | ||||||
|       - |  | ||||||
|         name: Docker Login |  | ||||||
|         uses: docker/login-action@v1 |  | ||||||
|         with: |         with: | ||||||
|           username: ${{ secrets.DOCKERHUB_USERNAME }} |           version: latest | ||||||
|           password: ${{ secrets.DOCKERHUB_TOKEN }} |           args: release --rm-dist | ||||||
|       - |         env: | ||||||
|         name: Build and push |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||||||
|         uses: docker/build-push-action@v2 |  | ||||||
|         with: |  | ||||||
|           context: . |  | ||||||
|           file: Dockerfile |  | ||||||
|           platforms: linux/amd64,linux/arm64,linux/arm/v7 |  | ||||||
|           push: true |  | ||||||
|           tags: ${{ steps.meta.outputs.tags }} |  | ||||||
|           labels: ${{ steps.meta.outputs.labels }} |  | ||||||
|           build-args: | |  | ||||||
|             operator_version=${{ steps.get_version.outputs.VERSION }} |  | ||||||
|   | |||||||
							
								
								
									
										55
									
								
								.goreleaser.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										55
									
								
								.goreleaser.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,55 @@ | |||||||
|  | project_name: onepassword-operator | ||||||
|  | builds: | ||||||
|  |   - env: | ||||||
|  |       - CGO_ENABLED=0 | ||||||
|  |     binary: manager | ||||||
|  |     main: ./cmd/manager/main.go | ||||||
|  |     flags: | ||||||
|  |       - -mod=vendor | ||||||
|  |       - -trimpath | ||||||
|  |     ldflags: | ||||||
|  |       - -s -w -X "github.com/1Password/onepassword-operator/version.Version={{ .Version }}" | ||||||
|  |     mod_timestamp: '{{ .CommitTimestamp }}' | ||||||
|  |     goos: | ||||||
|  |       - linux | ||||||
|  |     goarch: | ||||||
|  |       - amd64 | ||||||
|  |       - arm64 | ||||||
|  | dockers: | ||||||
|  |   - image_templates: ["1password/{{ .ProjectName }}:{{ .Version }}-amd64"] | ||||||
|  |     goos: linux | ||||||
|  |     goarch: amd64 | ||||||
|  |     dockerfile: Dockerfile-goreleaser | ||||||
|  |     use_buildx: true | ||||||
|  |     extra_files: | ||||||
|  |       - deploy/connect/ | ||||||
|  |     build_flag_templates: | ||||||
|  |       - --platform=linux/amd64 | ||||||
|  |       - --label=org.opencontainers.image.title={{ .ProjectName }} | ||||||
|  |       - --label=org.opencontainers.image.description={{ .ProjectName }} | ||||||
|  |       - --label=org.opencontainers.image.url=https://github.com/1Password/onepassword-operator | ||||||
|  |       - --label=org.opencontainers.image.source=https://github.com/1Password/onepassword-operator | ||||||
|  |       - --label=org.opencontainers.image.version={{ .Version }} | ||||||
|  |       - --label=org.opencontainers.image.revision={{ .FullCommit }} | ||||||
|  |       - --label=org.opencontainers.image.licenses=MIT | ||||||
|  |   - image_templates: ["1password/{{ .ProjectName }}:{{ .Version }}-arm64v8"] | ||||||
|  |     goos: linux | ||||||
|  |     goarch: arm64 | ||||||
|  |     dockerfile: Dockerfile-goreleaser | ||||||
|  |     use_buildx: true | ||||||
|  |     extra_files: | ||||||
|  |       - deploy/connect/ | ||||||
|  |     build_flag_templates: | ||||||
|  |       - --platform=linux/arm64/v8 | ||||||
|  |       - --label=org.opencontainers.image.title={{ .ProjectName }} | ||||||
|  |       - --label=org.opencontainers.image.description={{ .ProjectName }} | ||||||
|  |       - --label=org.opencontainers.image.url=https://github.com/1Password/onepassword-operator | ||||||
|  |       - --label=org.opencontainers.image.source=https://github.com/1Password/onepassword-operator | ||||||
|  |       - --label=org.opencontainers.image.version={{ .Version }} | ||||||
|  |       - --label=org.opencontainers.image.revision={{ .FullCommit }} | ||||||
|  |       - --label=org.opencontainers.image.licenses=MIT | ||||||
|  | docker_manifests: | ||||||
|  |   - name_template: 1password/{{ .ProjectName }}:{{ .Version }} | ||||||
|  |     image_templates: | ||||||
|  |       - 1password/{{ .ProjectName }}:{{ .Version }}-amd64 | ||||||
|  |       - 1password/{{ .ProjectName }}:{{ .Version }}-arm64v8 | ||||||
							
								
								
									
										17
									
								
								CHANGELOG.md
									
									
									
									
									
								
							
							
						
						
									
										17
									
								
								CHANGELOG.md
									
									
									
									
									
								
							| @@ -12,23 +12,6 @@ | |||||||
|  |  | ||||||
| --- | --- | ||||||
|  |  | ||||||
| [//]: # (START/v1.0.2) |  | ||||||
| # v1.0.2 |  | ||||||
|  |  | ||||||
| ## Fixes |  | ||||||
|  * Name normalizer added to handle non-conforming item names. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| [//]: # (START/v1.0.1) |  | ||||||
| # v1.0.1 |  | ||||||
|  |  | ||||||
| ## Features |  | ||||||
| * This release also contains an arm64 Docker image. {#20} |  | ||||||
| * Docker images are also pushed to the :latest and :<major>.<minor> tags. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| [//]: # (START/v1.0.0) | [//]: # (START/v1.0.0) | ||||||
| # v1.0.0 | # v1.0.0 | ||||||
|  |  | ||||||
|   | |||||||
| @@ -14,9 +14,11 @@ COPY vendor/ vendor/ | |||||||
| # Build | # Build | ||||||
| ARG operator_version=dev | ARG operator_version=dev | ||||||
| RUN CGO_ENABLED=0 \ | RUN CGO_ENABLED=0 \ | ||||||
|  |     GOOS=linux \ | ||||||
|  |     GOARCH=amd64 \ | ||||||
|     GO111MODULE=on \ |     GO111MODULE=on \ | ||||||
|     go build \ |     go build \ | ||||||
|     -ldflags "-X \"github.com/1Password/onepassword-operator/version.Version=$operator_version\"" \ |     -ldflags "-X version.Version=$operator_version" \ | ||||||
|     -mod vendor \ |     -mod vendor \ | ||||||
|     -a -o manager main.go |     -a -o manager main.go | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										9
									
								
								Dockerfile-goreleaser
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								Dockerfile-goreleaser
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,9 @@ | |||||||
|  | # Use distroless as minimal base image to package the manager binary | ||||||
|  | # Refer to https://github.com/GoogleContainerTools/distroless for more details | ||||||
|  | FROM gcr.io/distroless/static:nonroot | ||||||
|  | WORKDIR / | ||||||
|  | COPY ./manager . | ||||||
|  | USER nonroot:nonroot | ||||||
|  | COPY deploy/connect/ deploy/connect/ | ||||||
|  |  | ||||||
|  | ENTRYPOINT ["/manager"] | ||||||
							
								
								
									
										4
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										4
									
								
								Makefile
									
									
									
									
									
								
							| @@ -20,12 +20,12 @@ test/coverage:	## Run test suite with coverage report | |||||||
| 	go test -v ./... -cover | 	go test -v ./... -cover | ||||||
|  |  | ||||||
| build:	## Build operator Docker image | build:	## Build operator Docker image | ||||||
| 	@docker build -f Dockerfile --build-arg operator_version=$(curVersion) -t $(DOCKER_IMG_TAG) . | 	@docker build -f Dockerfile --build-arg operator_version=$(curVersion) -t $(DOCKER_IMG_TAG) | ||||||
| 	@echo "Successfully built and tagged image." | 	@echo "Successfully built and tagged image." | ||||||
| 	@echo "Tag: $(DOCKER_IMG_TAG)" | 	@echo "Tag: $(DOCKER_IMG_TAG)" | ||||||
|  |  | ||||||
| build/local:	## Build local version of the operator Docker image | build/local:	## Build local version of the operator Docker image | ||||||
| 	@docker build -f Dockerfile -t local/$(DOCKER_IMG_TAG) . | 	@docker build -f Dockerfile -t local/$(DOCKER_IMG_TAG) | ||||||
|  |  | ||||||
| build/binary: clean	## Build operator binary | build/binary: clean	## Build operator binary | ||||||
| 	@mkdir -p dist | 	@mkdir -p dist | ||||||
|   | |||||||
							
								
								
									
										30
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										30
									
								
								README.md
									
									
									
									
									
								
							| @@ -13,8 +13,8 @@ Prerequisites: | |||||||
| - [1Password Command Line Tool Installed](https://1password.com/downloads/command-line/) | - [1Password Command Line Tool Installed](https://1password.com/downloads/command-line/) | ||||||
| - [kubectl installed](https://kubernetes.io/docs/tasks/tools/install-kubectl/) | - [kubectl installed](https://kubernetes.io/docs/tasks/tools/install-kubectl/) | ||||||
| - [docker installed](https://docs.docker.com/get-docker/) | - [docker installed](https://docs.docker.com/get-docker/) | ||||||
| - [Generated a 1password-credentials.json file and issued a 1Password Connect API Token for the K8s Operator integration](https://support.1password.com/secrets-automation/) | - [Generated a 1password-credentials.json file and issued a 1Password Connect API Token for the K8s Operator integration](https://support.b5dev.com/cs/connect) | ||||||
| - [1Password Connect deployed to Kubernetes](https://support.1password.com/connect-deploy-kubernetes/#step-2-deploy-a-1password-connect-server). **NOTE**: If customization of the 1Password Connect deployment is not required you can skip this prerequisite. | - [1Password Connect deployed to Kubernetes](https://support.b5dev.com/cs/connect-deploy-kubernetes/#step-2-deploy-a-connect-server). **NOTE**: If customization of the 1Password Connect deployment is not required you can skip this prerequisite. | ||||||
|  |  | ||||||
| ### Quickstart for Deploying 1Password Connect to Kubernetes | ### Quickstart for Deploying 1Password Connect to Kubernetes | ||||||
|  |  | ||||||
| @@ -53,15 +53,15 @@ Adding this environment variable will have the operator automatically deploy a d | |||||||
| "Create a Connect token for the operator and save it as a Kubernetes Secret:  | "Create a Connect token for the operator and save it as a Kubernetes Secret:  | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| $ kubectl create secret generic onepassword-token --from-literal=token=<OP_CONNECT_TOKEN>" | $ kubectl create secret generic op-operator-connect-token --from-literal=token=<OP_CONNECT_TOKEN>" | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| If you do not have a token for the operator, you can generate a token and save it to kubernetes with the following command: | If you do not have a token for the operator, you can generate a token and save it to kubernetes with the following command: | ||||||
| ```bash | ```bash | ||||||
| $ kubectl create secret generic onepassword-token --from-literal=token=$(op create connect token <server> op-k8s-operator --vault <vault>) | $ kubectl create secret generic op-operator-connect-token --from-literal=token=$(op create connect token <server> op-k8s-operator --vault <vault>) | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| [More information on generating a token can be found here](https://support.1password.com/secrets-automation/#appendix-issue-additional-access-tokens) | [More information on generating a token can be found here](https://support.1password.com/cs/secrets-automation/#appendix-issue-additional-access-tokens) | ||||||
|  |  | ||||||
| **Set Permissions For Operator** | **Set Permissions For Operator** | ||||||
|  |  | ||||||
| @@ -84,9 +84,9 @@ An sample Deployment yaml can be found at `/deploy/operator.yaml`. | |||||||
|  |  | ||||||
| To further configure the 1Password Kubernetes Operator the Following Environment variables can be set in the operator yaml: | To further configure the 1Password Kubernetes Operator the Following Environment variables can be set in the operator yaml: | ||||||
|  |  | ||||||
|  | - **WATCH_NAMESPACE:** comma separated list of what Namespaces to watch for changes. | ||||||
| - **OP_CONNECT_HOST** (required): Specifies the host name within Kubernetes in which to access the 1Password Connect. | - **OP_CONNECT_HOST** (required): Specifies the host name within Kubernetes in which to access the 1Password Connect. | ||||||
| - **WATCH_NAMESPACE:** (default: watch all namespaces): Comma separated list of what Namespaces to watch for changes. | - **POLLING_INTERVAL** (default: 600)**:** The number of seconds the 1Password Kubernetes Operator will wait before checking for updates from 1Password Connect. | ||||||
| - **POLLING_INTERVAL** (default: 600): The number of seconds the 1Password Kubernetes Operator will wait before checking for updates from 1Password Connect. |  | ||||||
| - **MANAGE_CONNECT** (default: false): If set to true, on deployment of the operator, a default configuration of the OnePassword Connect Service will be deployed to the `default` namespace. | - **MANAGE_CONNECT** (default: false): If set to true, on deployment of the operator, a default configuration of the OnePassword Connect Service will be deployed to the `default` namespace. | ||||||
| - **AUTO_RESTART** (default: false): If set to true, the operator will restart any deployment using a secret from 1Password Connect. This can be overwritten by namespace, deployment, or individual secret. More details on AUTO_RESTART can be found in the ["Configuring Automatic Rolling Restarts of Deployments"](#configuring-automatic-rolling-restarts-of-deployments) section. | - **AUTO_RESTART** (default: false): If set to true, the operator will restart any deployment using a secret from 1Password Connect. This can be overwritten by namespace, deployment, or individual secret. More details on AUTO_RESTART can be found in the ["Configuring Automatic Rolling Restarts of Deployments"](#configuring-automatic-rolling-restarts-of-deployments) section. | ||||||
|  |  | ||||||
| @@ -102,7 +102,7 @@ To create a Kubernetes Secret from a 1Password item, create a yaml file with the | |||||||
|  |  | ||||||
| ```yaml | ```yaml | ||||||
| apiVersion: onepassword.com/v1 | apiVersion: onepassword.com/v1 | ||||||
| kind: OnePasswordItem | kind: OnePasswordItem # {insert_new_name} | ||||||
| metadata: | metadata: | ||||||
|   name: <item_name> #this name will also be used for naming the generated kubernetes secret |   name: <item_name> #this name will also be used for naming the generated kubernetes secret | ||||||
| spec: | spec: | ||||||
| @@ -131,8 +131,8 @@ kind: Deployment | |||||||
| metadata: | metadata: | ||||||
|   name: deployment-example |   name: deployment-example | ||||||
|   annotations: |   annotations: | ||||||
|     operator.1password.io/item-path: "vaults/<vault_id_or_title>/items/<item_id_or_title>" |     operator.1password.io/item-path: "vaults/{vault_id_or_title}/items/{item_id_or_title}" | ||||||
|     operator.1password.io/item-name: "<secret_name>" |     operator.1password.io/item-name: "{secret_name}" | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| Applying this yaml file will create a Kubernetes Secret with the name `<secret_name>` and contents from the location specified at the specified Item Path. | Applying this yaml file will create a Kubernetes Secret with the name `<secret_name>` and contents from the location specified at the specified Item Path. | ||||||
| @@ -144,12 +144,7 @@ If a 1Password Item that is linked to a Kubernetes Secret is updated within the | |||||||
| --- | --- | ||||||
| **NOTE** | **NOTE** | ||||||
|  |  | ||||||
| If multiple 1Password vaults/items have the same `title` when using a title in the access path, the desired action will be performed on the oldest vault/item.  | If multiple 1Password vaults/items have the same `title` when using a title in the access path, the desired action will be performed on the oldest vault/item. Furthermore, titles that include white space characters cannot be used. | ||||||
|  |  | ||||||
| Titles and field names that include white space and other characters that are not a valid [DNS subdomain name](https://kubernetes.io/docs/concepts/configuration/secret/) will create Kubernetes secrets that have titles and fields in the following format: |  | ||||||
|  - Invalid characters before the first alphanumeric character and after the last alphanumeric character will be removed |  | ||||||
|  - All whitespaces between words will be replaced by `-` |  | ||||||
|  - All the letters will be lower-cased. |  | ||||||
|  |  | ||||||
| --- | --- | ||||||
|  |  | ||||||
| @@ -168,7 +163,6 @@ apiVersion: v1 | |||||||
| kind: Namespace | kind: Namespace | ||||||
| metadata: | metadata: | ||||||
|   name: "example-namespace" |   name: "example-namespace" | ||||||
|   annotations: |  | ||||||
|   operator.1password.io/auto-restart: "true" |   operator.1password.io/auto-restart: "true" | ||||||
| ``` | ``` | ||||||
| If the value is not set, the auto reset settings on the operator will be used. This value can be overwritten by deployment. | If the value is not set, the auto reset settings on the operator will be used. This value can be overwritten by deployment. | ||||||
| @@ -181,7 +175,6 @@ apiVersion: v1 | |||||||
| kind: Deployment | kind: Deployment | ||||||
| metadata: | metadata: | ||||||
|   name: "example-deployment" |   name: "example-deployment" | ||||||
|   annotations: |  | ||||||
|   operator.1password.io/auto-restart: "true" |   operator.1password.io/auto-restart: "true" | ||||||
| ``` | ``` | ||||||
| If the value is not set, the auto reset settings on the namespace will be used. | If the value is not set, the auto reset settings on the namespace will be used. | ||||||
| @@ -194,7 +187,6 @@ apiVersion: onepassword.com/v1 | |||||||
| kind: OnePasswordItem | kind: OnePasswordItem | ||||||
| metadata: | metadata: | ||||||
|   name: example |   name: example | ||||||
|   annotations: |  | ||||||
|   operator.1password.io/auto-restart: "true" |   operator.1password.io/auto-restart: "true" | ||||||
| ``` | ``` | ||||||
| If the value is not set, the auto reset settings on the deployment will be used. | If the value is not set, the auto reset settings on the deployment will be used. | ||||||
|   | |||||||
| @@ -83,11 +83,9 @@ func main() { | |||||||
|  |  | ||||||
| 	printVersion() | 	printVersion() | ||||||
|  |  | ||||||
| 	namespace := os.Getenv(k8sutil.WatchNamespaceEnvVar) | 	namespace, err := k8sutil.GetWatchNamespace() | ||||||
|  |  | ||||||
| 	deploymentNamespace, err := k8sutil.GetOperatorNamespace() |  | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		log.Error(err, "Failed to get namespace") | 		log.Error(err, "Failed to get watch namespace") | ||||||
| 		os.Exit(1) | 		os.Exit(1) | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| @@ -141,7 +139,7 @@ func main() { | |||||||
| 		go func() { | 		go func() { | ||||||
| 			connectStarted := false | 			connectStarted := false | ||||||
| 			for connectStarted == false { | 			for connectStarted == false { | ||||||
| 				err := op.SetupConnect(mgr.GetClient(), deploymentNamespace) | 				err := op.SetupConnect(mgr.GetClient()) | ||||||
| 				// Cache Not Started is an acceptable error. Retry until cache is started. | 				// Cache Not Started is an acceptable error. Retry until cache is started. | ||||||
| 				if err != nil && !errors.Is(err, &cache.ErrCacheNotStarted{}) { | 				if err != nil && !errors.Is(err, &cache.ErrCacheNotStarted{}) { | ||||||
| 					log.Error(err, "") | 					log.Error(err, "") | ||||||
|   | |||||||
| @@ -2,6 +2,7 @@ apiVersion: apps/v1 | |||||||
| kind: Deployment | kind: Deployment | ||||||
| metadata: | metadata: | ||||||
|   name: onepassword-connect |   name: onepassword-connect | ||||||
|  |   namespace: default | ||||||
| spec: | spec: | ||||||
|   selector: |   selector: | ||||||
|     matchLabels: |     matchLabels: | ||||||
|   | |||||||
| @@ -2,6 +2,7 @@ apiVersion: v1 | |||||||
| kind: Service | kind: Service | ||||||
| metadata: | metadata: | ||||||
|   name: onepassword-connect |   name: onepassword-connect | ||||||
|  |   namespace: default | ||||||
| spec: | spec: | ||||||
|   type: NodePort |   type: NodePort | ||||||
|   selector: |   selector: | ||||||
|   | |||||||
| @@ -3,6 +3,7 @@ package onepassworditem | |||||||
| import ( | import ( | ||||||
| 	"context" | 	"context" | ||||||
| 	"fmt" | 	"fmt" | ||||||
|  |  | ||||||
| 	onepasswordv1 "github.com/1Password/onepassword-operator/pkg/apis/onepassword/v1" | 	onepasswordv1 "github.com/1Password/onepassword-operator/pkg/apis/onepassword/v1" | ||||||
| 	kubeSecrets "github.com/1Password/onepassword-operator/pkg/kubernetessecrets" | 	kubeSecrets "github.com/1Password/onepassword-operator/pkg/kubernetessecrets" | ||||||
| 	"github.com/1Password/onepassword-operator/pkg/onepassword" | 	"github.com/1Password/onepassword-operator/pkg/onepassword" | ||||||
|   | |||||||
| @@ -31,9 +31,6 @@ const ( | |||||||
| 	itemId                    = "nwrhuano7bcwddcviubpp4mhfq" | 	itemId                    = "nwrhuano7bcwddcviubpp4mhfq" | ||||||
| 	username                  = "test-user" | 	username                  = "test-user" | ||||||
| 	password                  = "QmHumKc$mUeEem7caHtbaBaJ" | 	password                  = "QmHumKc$mUeEem7caHtbaBaJ" | ||||||
| 	firstHost                 = "http://localhost:8080" |  | ||||||
| 	awsKey                    = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" |  | ||||||
| 	iceCream                  = "freezing blue 20%" |  | ||||||
| 	userKey                   = "username" | 	userKey                   = "username" | ||||||
| 	passKey                   = "password" | 	passKey                   = "password" | ||||||
| 	version                   = 123 | 	version                   = 123 | ||||||
| @@ -213,79 +210,6 @@ var tests = []testReconcileItem{ | |||||||
| 			passKey: password, | 			passKey: password, | ||||||
| 		}, | 		}, | ||||||
| 	}, | 	}, | ||||||
| 	{ |  | ||||||
| 		testName: "Secret from 1Password item with invalid K8s labels", |  | ||||||
| 		customResource: &onepasswordv1.OnePasswordItem{ |  | ||||||
| 			TypeMeta: metav1.TypeMeta{ |  | ||||||
| 				Kind:       onePasswordItemKind, |  | ||||||
| 				APIVersion: onePasswordItemAPIVersion, |  | ||||||
| 			}, |  | ||||||
| 			ObjectMeta: metav1.ObjectMeta{ |  | ||||||
| 				Name:      "!my sECReT it3m%", |  | ||||||
| 				Namespace: namespace, |  | ||||||
| 			}, |  | ||||||
| 			Spec: onepasswordv1.OnePasswordItemSpec{ |  | ||||||
| 				ItemPath: itemPath, |  | ||||||
| 			}, |  | ||||||
| 		}, |  | ||||||
| 		existingSecret: nil, |  | ||||||
| 		expectedError:  nil, |  | ||||||
| 		expectedResultSecret: &corev1.Secret{ |  | ||||||
| 			ObjectMeta: metav1.ObjectMeta{ |  | ||||||
| 				Name:      "my-secret-it3m", |  | ||||||
| 				Namespace: namespace, |  | ||||||
| 				Annotations: map[string]string{ |  | ||||||
| 					op.VersionAnnotation: fmt.Sprint(version), |  | ||||||
| 				}, |  | ||||||
| 			}, |  | ||||||
| 			Data: expectedSecretData, |  | ||||||
| 		}, |  | ||||||
| 		opItem: map[string]string{ |  | ||||||
| 			userKey: username, |  | ||||||
| 			passKey: password, |  | ||||||
| 		}, |  | ||||||
| 	}, |  | ||||||
| 	{ |  | ||||||
| 		testName: "Secret from 1Password item with fields and sections that have invalid K8s labels", |  | ||||||
| 		customResource: &onepasswordv1.OnePasswordItem{ |  | ||||||
| 			TypeMeta: metav1.TypeMeta{ |  | ||||||
| 				Kind:       onePasswordItemKind, |  | ||||||
| 				APIVersion: onePasswordItemAPIVersion, |  | ||||||
| 			}, |  | ||||||
| 			ObjectMeta: metav1.ObjectMeta{ |  | ||||||
| 				Name:      "!my sECReT it3m%", |  | ||||||
| 				Namespace: namespace, |  | ||||||
| 			}, |  | ||||||
| 			Spec: onepasswordv1.OnePasswordItemSpec{ |  | ||||||
| 				ItemPath: itemPath, |  | ||||||
| 			}, |  | ||||||
| 		}, |  | ||||||
| 		existingSecret: nil, |  | ||||||
| 		expectedError:  nil, |  | ||||||
| 		expectedResultSecret: &corev1.Secret{ |  | ||||||
| 			ObjectMeta: metav1.ObjectMeta{ |  | ||||||
| 				Name:      "my-secret-it3m", |  | ||||||
| 				Namespace: namespace, |  | ||||||
| 				Annotations: map[string]string{ |  | ||||||
| 					op.VersionAnnotation: fmt.Sprint(version), |  | ||||||
| 				}, |  | ||||||
| 			}, |  | ||||||
| 			Data: map[string][]byte{ |  | ||||||
| 				"password":       []byte(password), |  | ||||||
| 				"username":       []byte(username), |  | ||||||
| 				"first-host":     []byte(firstHost), |  | ||||||
| 				"aws-access-key": []byte(awsKey), |  | ||||||
| 				"ice-cream-type": []byte(iceCream), |  | ||||||
| 			}, |  | ||||||
| 		}, |  | ||||||
| 		opItem: map[string]string{ |  | ||||||
| 			userKey:            username, |  | ||||||
| 			passKey:            password, |  | ||||||
| 			"first host":       firstHost, |  | ||||||
| 			"AWS Access Key":   awsKey, |  | ||||||
| 			"😄 ice-cream type": iceCream, |  | ||||||
| 		}, |  | ||||||
| 	}, |  | ||||||
| } | } | ||||||
|  |  | ||||||
| func TestReconcileOnePasswordItem(t *testing.T) { | func TestReconcileOnePasswordItem(t *testing.T) { | ||||||
| @@ -317,10 +241,7 @@ func TestReconcileOnePasswordItem(t *testing.T) { | |||||||
| 			mocks.GetGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { | 			mocks.GetGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { | ||||||
|  |  | ||||||
| 				item := onepassword.Item{} | 				item := onepassword.Item{} | ||||||
| 				item.Fields = []*onepassword.ItemField{} | 				item.Fields = generateFields(testData.opItem["username"], testData.opItem["password"]) | ||||||
| 				for k, v := range testData.opItem { |  | ||||||
| 					item.Fields = append(item.Fields, &onepassword.ItemField{Label: k, Value: v}) |  | ||||||
| 				} |  | ||||||
| 				item.Version = version | 				item.Version = version | ||||||
| 				item.Vault.ID = vaultUUID | 				item.Vault.ID = vaultUUID | ||||||
| 				item.ID = uuid | 				item.ID = uuid | ||||||
| @@ -336,8 +257,8 @@ func TestReconcileOnePasswordItem(t *testing.T) { | |||||||
| 			// watched resource . | 			// watched resource . | ||||||
| 			req := reconcile.Request{ | 			req := reconcile.Request{ | ||||||
| 				NamespacedName: types.NamespacedName{ | 				NamespacedName: types.NamespacedName{ | ||||||
| 					Name:      testData.customResource.ObjectMeta.Name, | 					Name:      name, | ||||||
| 					Namespace: testData.customResource.ObjectMeta.Namespace, | 					Namespace: namespace, | ||||||
| 				}, | 				}, | ||||||
| 			} | 			} | ||||||
| 			_, err := r.Reconcile(req) | 			_, err := r.Reconcile(req) | ||||||
|   | |||||||
| @@ -4,17 +4,12 @@ import ( | |||||||
| 	"context" | 	"context" | ||||||
| 	"fmt" | 	"fmt" | ||||||
|  |  | ||||||
| 	"regexp" |  | ||||||
| 	"strings" |  | ||||||
|  |  | ||||||
| 	"github.com/1Password/connect-sdk-go/onepassword" | 	"github.com/1Password/connect-sdk-go/onepassword" | ||||||
| 	"github.com/1Password/onepassword-operator/pkg/utils" | 	"github.com/1Password/onepassword-operator/pkg/utils" | ||||||
| 	corev1 "k8s.io/api/core/v1" | 	corev1 "k8s.io/api/core/v1" | ||||||
| 	"k8s.io/apimachinery/pkg/api/errors" | 	"k8s.io/apimachinery/pkg/api/errors" | ||||||
| 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||||||
| 	"k8s.io/apimachinery/pkg/types" | 	"k8s.io/apimachinery/pkg/types" | ||||||
| 	kubeValidate "k8s.io/apimachinery/pkg/util/validation" |  | ||||||
|  |  | ||||||
| 	kubernetesClient "sigs.k8s.io/controller-runtime/pkg/client" | 	kubernetesClient "sigs.k8s.io/controller-runtime/pkg/client" | ||||||
| 	logf "sigs.k8s.io/controller-runtime/pkg/log" | 	logf "sigs.k8s.io/controller-runtime/pkg/log" | ||||||
| ) | ) | ||||||
| @@ -68,7 +63,7 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa | |||||||
| func BuildKubernetesSecretFromOnePasswordItem(name, namespace string, annotations map[string]string, item onepassword.Item) *corev1.Secret { | func BuildKubernetesSecretFromOnePasswordItem(name, namespace string, annotations map[string]string, item onepassword.Item) *corev1.Secret { | ||||||
| 	return &corev1.Secret{ | 	return &corev1.Secret{ | ||||||
| 		ObjectMeta: metav1.ObjectMeta{ | 		ObjectMeta: metav1.ObjectMeta{ | ||||||
| 			Name:        formatSecretName(name), | 			Name:        name, | ||||||
| 			Namespace:   namespace, | 			Namespace:   namespace, | ||||||
| 			Annotations: annotations, | 			Annotations: annotations, | ||||||
| 		}, | 		}, | ||||||
| @@ -80,33 +75,8 @@ func BuildKubernetesSecretData(fields []*onepassword.ItemField) map[string][]byt | |||||||
| 	secretData := map[string][]byte{} | 	secretData := map[string][]byte{} | ||||||
| 	for i := 0; i < len(fields); i++ { | 	for i := 0; i < len(fields); i++ { | ||||||
| 		if fields[i].Value != "" { | 		if fields[i].Value != "" { | ||||||
| 			key := formatSecretName(fields[i].Label) | 			secretData[fields[i].Label] = []byte(fields[i].Value) | ||||||
| 			secretData[key] = []byte(fields[i].Value) |  | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 	return secretData | 	return secretData | ||||||
| } | } | ||||||
|  |  | ||||||
| // formatSecretName rewrites a value to be a valid Secret name or Secret data key. |  | ||||||
| // |  | ||||||
| // The Secret meta.name and data keys must be valid DNS subdomain names (https://kubernetes.io/docs/concepts/configuration/secret/#overview-of-secrets) |  | ||||||
| func formatSecretName(value string) string { |  | ||||||
| 	if errs := kubeValidate.IsDNS1123Subdomain(value); len(errs) == 0 { |  | ||||||
| 		return value |  | ||||||
| 	} |  | ||||||
| 	return createValidSecretName(value) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| var invalidDNS1123Chars = regexp.MustCompile("[^a-z0-9-]+") |  | ||||||
|  |  | ||||||
| func createValidSecretName(value string) string { |  | ||||||
| 	result := strings.ToLower(value) |  | ||||||
| 	result = invalidDNS1123Chars.ReplaceAllString(result, "-") |  | ||||||
|  |  | ||||||
| 	if len(result) > kubeValidate.DNS1123SubdomainMaxLength { |  | ||||||
| 		result = result[0:kubeValidate.DNS1123SubdomainMaxLength] |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	// first and last character MUST be alphanumeric |  | ||||||
| 	return strings.Trim(result, "-") |  | ||||||
| } |  | ||||||
|   | |||||||
| @@ -3,7 +3,6 @@ package kubernetessecrets | |||||||
| import ( | import ( | ||||||
| 	"context" | 	"context" | ||||||
| 	"fmt" | 	"fmt" | ||||||
| 	kubeValidate "k8s.io/apimachinery/pkg/util/validation" |  | ||||||
| 	"strings" | 	"strings" | ||||||
| 	"testing" | 	"testing" | ||||||
|  |  | ||||||
| @@ -102,7 +101,7 @@ func TestBuildKubernetesSecretFromOnePasswordItem(t *testing.T) { | |||||||
| 	item.Fields = generateFields(5) | 	item.Fields = generateFields(5) | ||||||
|  |  | ||||||
| 	kubeSecret := BuildKubernetesSecretFromOnePasswordItem(name, namespace, annotations, item) | 	kubeSecret := BuildKubernetesSecretFromOnePasswordItem(name, namespace, annotations, item) | ||||||
| 	if kubeSecret.Name != strings.ToLower(name) { | 	if kubeSecret.Name != name { | ||||||
| 		t.Errorf("Expected name value: %v but got: %v", name, kubeSecret.Name) | 		t.Errorf("Expected name value: %v but got: %v", name, kubeSecret.Name) | ||||||
| 	} | 	} | ||||||
| 	if kubeSecret.Namespace != namespace { | 	if kubeSecret.Namespace != namespace { | ||||||
| @@ -114,44 +113,6 @@ func TestBuildKubernetesSecretFromOnePasswordItem(t *testing.T) { | |||||||
| 	compareFields(item.Fields, kubeSecret.Data, t) | 	compareFields(item.Fields, kubeSecret.Data, t) | ||||||
| } | } | ||||||
|  |  | ||||||
| func TestBuildKubernetesSecretFixesInvalidLabels(t *testing.T) { |  | ||||||
| 	name := "inV@l1d k8s secret%name" |  | ||||||
| 	expectedName := "inv-l1d-k8s-secret-name" |  | ||||||
| 	namespace := "someNamespace" |  | ||||||
| 	annotations := map[string]string{ |  | ||||||
| 		"annotationKey": "annotationValue", |  | ||||||
| 	} |  | ||||||
| 	item := onepassword.Item{} |  | ||||||
|  |  | ||||||
| 	item.Fields = []*onepassword.ItemField{ |  | ||||||
| 		{ |  | ||||||
| 			Label: "label w%th invalid ch!rs-", |  | ||||||
| 			Value: "value1", |  | ||||||
| 		}, |  | ||||||
| 		{ |  | ||||||
| 			Label: strings.Repeat("x", kubeValidate.DNS1123SubdomainMaxLength+1), |  | ||||||
| 			Value: "name exceeds max length", |  | ||||||
| 		}, |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	kubeSecret := BuildKubernetesSecretFromOnePasswordItem(name, namespace, annotations, item) |  | ||||||
|  |  | ||||||
| 	// Assert Secret's meta.name was fixed |  | ||||||
| 	if kubeSecret.Name != expectedName { |  | ||||||
| 		t.Errorf("Expected name value: %v but got: %v", name, kubeSecret.Name) |  | ||||||
| 	} |  | ||||||
| 	if kubeSecret.Namespace != namespace { |  | ||||||
| 		t.Errorf("Expected namespace value: %v but got: %v", namespace, kubeSecret.Namespace) |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	// assert labels were fixed for each data key |  | ||||||
| 	for key := range kubeSecret.Data { |  | ||||||
| 		if !validLabel(key) { |  | ||||||
| 			t.Errorf("Expected valid kubernetes label, got %s", key) |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func compareAnnotationsToItem(annotations map[string]string, item onepassword.Item, t *testing.T) { | func compareAnnotationsToItem(annotations map[string]string, item onepassword.Item, t *testing.T) { | ||||||
| 	actualVaultId, actualItemId, err := ParseVaultIdAndItemIdFromPath(annotations[ItemPathAnnotation]) | 	actualVaultId, actualItemId, err := ParseVaultIdAndItemIdFromPath(annotations[ItemPathAnnotation]) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| @@ -203,10 +164,3 @@ func ParseVaultIdAndItemIdFromPath(path string) (string, string, error) { | |||||||
| 	} | 	} | ||||||
| 	return "", "", fmt.Errorf("%q is not an acceptable path for One Password item. Must be of the format: `vaults/{vault_id}/items/{item_id}`", path) | 	return "", "", fmt.Errorf("%q is not an acceptable path for One Password item. Must be of the format: `vaults/{vault_id}/items/{item_id}`", path) | ||||||
| } | } | ||||||
|  |  | ||||||
| func validLabel(v string) bool { |  | ||||||
| 	if err := kubeValidate.IsDNS1123Subdomain(v); len(err) > 0 { |  | ||||||
| 		return false |  | ||||||
| 	} |  | ||||||
| 	return true |  | ||||||
| } |  | ||||||
|   | |||||||
| @@ -2,7 +2,6 @@ package onepassword | |||||||
|  |  | ||||||
| import ( | import ( | ||||||
| 	"context" | 	"context" | ||||||
| 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1" |  | ||||||
| 	"os" | 	"os" | ||||||
|  |  | ||||||
| 	appsv1 "k8s.io/api/apps/v1" | 	appsv1 "k8s.io/api/apps/v1" | ||||||
| @@ -18,13 +17,13 @@ var logConnectSetup = logf.Log.WithName("ConnectSetup") | |||||||
| var deploymentPath = "deploy/connect/deployment.yaml" | var deploymentPath = "deploy/connect/deployment.yaml" | ||||||
| var servicePath = "deploy/connect/service.yaml" | var servicePath = "deploy/connect/service.yaml" | ||||||
|  |  | ||||||
| func SetupConnect(kubeClient client.Client, deploymentNamespace string) error { | func SetupConnect(kubeClient client.Client) error { | ||||||
| 	err := setupService(kubeClient, servicePath, deploymentNamespace) | 	err := setupService(kubeClient, servicePath) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	err = setupDeployment(kubeClient, deploymentPath, deploymentNamespace) | 	err = setupDeployment(kubeClient, deploymentPath) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
| @@ -32,22 +31,22 @@ func SetupConnect(kubeClient client.Client, deploymentNamespace string) error { | |||||||
| 	return nil | 	return nil | ||||||
| } | } | ||||||
|  |  | ||||||
| func setupDeployment(kubeClient client.Client, deploymentPath string, deploymentNamespace string) error { | func setupDeployment(kubeClient client.Client, deploymentPath string) error { | ||||||
| 	existingDeployment := &appsv1.Deployment{} | 	existingDeployment := &appsv1.Deployment{} | ||||||
|  |  | ||||||
| 	// check if deployment has already been created | 	// check if deployment has already been created | ||||||
| 	err := kubeClient.Get(context.Background(), types.NamespacedName{Name: "onepassword-connect", Namespace: deploymentNamespace}, existingDeployment) | 	err := kubeClient.Get(context.Background(), types.NamespacedName{Name: "onepassword-connect", Namespace: "default"}, existingDeployment) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		if errors.IsNotFound(err) { | 		if errors.IsNotFound(err) { | ||||||
| 			logConnectSetup.Info("No existing Connect deployment found. Creating Deployment") | 			logConnectSetup.Info("No existing Connect deployment found. Creating Deployment") | ||||||
| 			return createDeployment(kubeClient, deploymentPath, deploymentNamespace) | 			return createDeployment(kubeClient, deploymentPath) | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 	return err | 	return err | ||||||
| } | } | ||||||
|  |  | ||||||
| func createDeployment(kubeClient client.Client, deploymentPath string, deploymentNamespace string) error { | func createDeployment(kubeClient client.Client, deploymentPath string) error { | ||||||
| 	deployment, err := getDeploymentToCreate(deploymentPath, deploymentNamespace) | 	deployment, err := getDeploymentToCreate(deploymentPath) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
| @@ -60,16 +59,12 @@ func createDeployment(kubeClient client.Client, deploymentPath string, deploymen | |||||||
| 	return nil | 	return nil | ||||||
| } | } | ||||||
|  |  | ||||||
| func getDeploymentToCreate(deploymentPath string, deploymentNamespace string) (*appsv1.Deployment, error) { | func getDeploymentToCreate(deploymentPath string) (*appsv1.Deployment, error) { | ||||||
| 	f, err := os.Open(deploymentPath) | 	f, err := os.Open(deploymentPath) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| 	} | 	} | ||||||
| 	deployment := &appsv1.Deployment{ | 	deployment := &appsv1.Deployment{} | ||||||
| 		ObjectMeta: v1.ObjectMeta{ |  | ||||||
| 			Namespace: deploymentNamespace, |  | ||||||
| 		}, |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	err = yaml.NewYAMLOrJSONDecoder(f, 4096).Decode(deployment) | 	err = yaml.NewYAMLOrJSONDecoder(f, 4096).Decode(deployment) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| @@ -78,30 +73,26 @@ func getDeploymentToCreate(deploymentPath string, deploymentNamespace string) (* | |||||||
| 	return deployment, nil | 	return deployment, nil | ||||||
| } | } | ||||||
|  |  | ||||||
| func setupService(kubeClient client.Client, servicePath string, deploymentNamespace string) error { | func setupService(kubeClient client.Client, servicePath string) error { | ||||||
| 	existingService := &corev1.Service{} | 	existingService := &corev1.Service{} | ||||||
|  |  | ||||||
| 	//check if service has already been created | 	//check if service has already been created | ||||||
| 	err := kubeClient.Get(context.Background(), types.NamespacedName{Name: "onepassword-connect", Namespace: deploymentNamespace}, existingService) | 	err := kubeClient.Get(context.Background(), types.NamespacedName{Name: "onepassword-connect", Namespace: "default"}, existingService) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		if errors.IsNotFound(err) { | 		if errors.IsNotFound(err) { | ||||||
| 			logConnectSetup.Info("No existing Connect service found. Creating Service") | 			logConnectSetup.Info("No existing Connect service found. Creating Service") | ||||||
| 			return createService(kubeClient, servicePath, deploymentNamespace) | 			return createService(kubeClient, servicePath) | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 	return err | 	return err | ||||||
| } | } | ||||||
|  |  | ||||||
| func createService(kubeClient client.Client, servicePath string, deploymentNamespace string) error { | func createService(kubeClient client.Client, servicePath string) error { | ||||||
| 	f, err := os.Open(servicePath) | 	f, err := os.Open(servicePath) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
| 	service := &corev1.Service{ | 	service := &corev1.Service{} | ||||||
| 		ObjectMeta: v1.ObjectMeta{ |  | ||||||
| 			Namespace: deploymentNamespace, |  | ||||||
| 		}, |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	err = yaml.NewYAMLOrJSONDecoder(f, 4096).Decode(service) | 	err = yaml.NewYAMLOrJSONDecoder(f, 4096).Decode(service) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
|   | |||||||
| @@ -25,7 +25,7 @@ func TestServiceSetup(t *testing.T) { | |||||||
| 	// Create a fake client to mock API calls. | 	// Create a fake client to mock API calls. | ||||||
| 	client := fake.NewFakeClientWithScheme(s, objs...) | 	client := fake.NewFakeClientWithScheme(s, objs...) | ||||||
|  |  | ||||||
| 	err := setupService(client, "../../deploy/connect/service.yaml", defaultNamespacedName.Namespace) | 	err := setupService(client, "../../deploy/connect/service.yaml") | ||||||
|  |  | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Error Setting Up Connect: %v", err) | 		t.Errorf("Error Setting Up Connect: %v", err) | ||||||
| @@ -50,7 +50,7 @@ func TestDeploymentSetup(t *testing.T) { | |||||||
| 	// Create a fake client to mock API calls. | 	// Create a fake client to mock API calls. | ||||||
| 	client := fake.NewFakeClientWithScheme(s, objs...) | 	client := fake.NewFakeClientWithScheme(s, objs...) | ||||||
|  |  | ||||||
| 	err := setupDeployment(client, "../../deploy/connect/deployment.yaml", defaultNamespacedName.Namespace) | 	err := setupDeployment(client, "../../deploy/connect/deployment.yaml") | ||||||
|  |  | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Error Setting Up Connect: %v", err) | 		t.Errorf("Error Setting Up Connect: %v", err) | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user