mirror of
				https://github.com/1Password/onepassword-operator.git
				synced 2025-10-26 17:30:47 +00:00 
			
		
		
		
	Compare commits
	
		
			106 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | 54eed0c81c | ||
|   | 8bd7d519fe | ||
|   | 2823a571e9 | ||
|   | 772e708f02 | ||
|   | 1d613eac2b | ||
|   | dbd7408fac | ||
|   | 6ef0da2d17 | ||
|   | b35acb7d13 | ||
|   | 9cee6595d5 | ||
|   | 24d3f6f043 | ||
|   | 5980e7e63a | ||
|   | 1e9c04ee05 | ||
|   | a5416f4532 | ||
|   | 7e739a6fc7 | ||
|   | 0f1dcdd38a | ||
|   | 4c04c6699b | ||
|   | cd03176aae | ||
|   | f194485a1b | ||
|   | d1254b06e7 | ||
|   | 7c84f9d3a4 | ||
|   | 13abcb9c8f | ||
|   | b717823fd0 | ||
|   | c9b969def1 | ||
|   | fd92ef86ab | ||
|   | 842c8febdc | ||
|   | 49a5e93c44 | ||
|   | ac646ec56c | ||
|   | 458ed24ca3 | ||
|   | bb7b565457 | ||
|   | 17d44d90bd | ||
|   | 0903bacfbd | ||
|   | 32360d8a83 | ||
|   | 2373fbc87f | ||
|   | 704116b855 | ||
|   | 55b5781d7a | ||
|   | 1aa27fdba0 | ||
|   | f164a93b72 | ||
|   | 9d0736285f | ||
|   | aa1b4ba857 | ||
|   | ae9b673f96 | ||
|   | a0475d7170 | ||
|   | 922f3c8929 | ||
|   | 1fa5bccec2 | ||
|   | cff4d194ba | ||
|   | 475860a364 | ||
|   | 64aad3d573 | ||
|   | 0582c2d6e1 | ||
|   | d1be03edd0 | ||
|   | 83b294690a | ||
|   | ef7361b3c1 | ||
|   | 04c1fc1236 | ||
|   | 3723c962fe | ||
|   | 4d2120061d | ||
|   | c95078c34c | ||
|   | 4527336c37 | ||
|   | 0b6b07b867 | ||
|   | 4baad12e10 | ||
|   | efbe96e93a | ||
|   | ac06f8db13 | ||
|   | 72511ed687 | ||
|   | 4757263c66 | ||
|   | 97e06e5c4d | ||
|   | a432b42814 | ||
|   | f88ea6696b | ||
|   | 1498c223a5 | ||
|   | 432f2c6cf6 | ||
|   | a49c6ee045 | ||
|   | 8881782559 | ||
|   | dcb5d5675a | ||
|   | b567b99774 | ||
|   | 02c90d424b | ||
|   | 4428515407 | ||
|   | 949a840779 | ||
|   | ced45c33d4 | ||
|   | 4091f80351 | ||
|   | c94e7a5557 | ||
|   | 3fbd0b32cd | ||
|   | 2c55fbc5ed | ||
|   | fcb97e1482 | ||
|   | b3346cbc25 | ||
|   | 8c0f1a7837 | ||
|   | eda5612827 | ||
| ![github-actions[bot]](/assets/img/avatar_default.png)  | 5f232b121a | ||
|   | f72e5243b0 | ||
|   | 8fc852a4dd | ||
|   | e6998497a2 | ||
|   | 4b36cd80bd | ||
|   | 030d451c94 | ||
|   | 1e73bc1220 | ||
|   | a42a96bd26 | ||
|   | c8fe537ad1 | ||
|   | 9b4d8eb292 | ||
|   | 91c3422597 | ||
|   | d3d0cfa281 | ||
|   | 5c41962aea | ||
|   | 4413e61f2a | ||
|   | 63e3cd15fb | ||
|   | ffb9a4f22a | ||
|   | 10cfb55350 | ||
|   | 372a5f4aa9 | ||
|   | 3bb2f0e9d3 | ||
|   | a78b197db8 | ||
|   | 514ef95330 | ||
|   | 55922b52b7 | ||
|   | 0c0a498726 | ||
|   | 3d05fcc0d7 | 
							
								
								
									
										4
									
								
								.github/workflows/build.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										4
									
								
								.github/workflows/build.yml
									
									
									
									
										vendored
									
									
								
							| @@ -9,10 +9,10 @@ jobs: | |||||||
|     - name: Set up Go 1.x |     - name: Set up Go 1.x | ||||||
|       uses: actions/setup-go@v4 |       uses: actions/setup-go@v4 | ||||||
|       with: |       with: | ||||||
|         go-version: ^1.20 |         go-version: ^1.21 | ||||||
|  |  | ||||||
|     - name: Check out code into the Go module directory |     - name: Check out code into the Go module directory | ||||||
|       uses: actions/checkout@v3 |       uses: actions/checkout@v4 | ||||||
|  |  | ||||||
|     - name: Build |     - name: Build | ||||||
|       run: go build -v ./... |       run: go build -v ./... | ||||||
|   | |||||||
							
								
								
									
										13
									
								
								.github/workflows/pr-check-signed-commits.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										13
									
								
								.github/workflows/pr-check-signed-commits.yml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,13 @@ | |||||||
|  | name: Check signed commits in PR | ||||||
|  | on: pull_request_target | ||||||
|  |  | ||||||
|  | jobs: | ||||||
|  |   build: | ||||||
|  |     name: Check signed commits in PR | ||||||
|  |     permissions: | ||||||
|  |       contents: read | ||||||
|  |       pull-requests: write | ||||||
|  |     runs-on: ubuntu-latest | ||||||
|  |     steps: | ||||||
|  |       - name: Check signed commits in PR | ||||||
|  |         uses: 1Password/check-signed-commits-action@v1 | ||||||
							
								
								
									
										4
									
								
								.github/workflows/release-pr.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										4
									
								
								.github/workflows/release-pr.yml
									
									
									
									
										vendored
									
									
								
							| @@ -17,7 +17,7 @@ jobs: | |||||||
|       - |       - | ||||||
|         id: is_release_branch_without_pr |         id: is_release_branch_without_pr | ||||||
|         name: Find matching PR |         name: Find matching PR | ||||||
|         uses: actions/github-script@v6 |         uses: actions/github-script@v7 | ||||||
|         with: |         with: | ||||||
|           github-token: ${{ secrets.GITHUB_TOKEN }} |           github-token: ${{ secrets.GITHUB_TOKEN }} | ||||||
|           script: | |           script: | | ||||||
| @@ -43,7 +43,7 @@ jobs: | |||||||
|     name: Create Release Pull Request |     name: Create Release Pull Request | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|     steps: |     steps: | ||||||
|       - uses: actions/checkout@v3 |       - uses: actions/checkout@v4 | ||||||
|  |  | ||||||
|       - name: Parse release version |       - name: Parse release version | ||||||
|         id: get_version |         id: get_version | ||||||
|   | |||||||
							
								
								
									
										12
									
								
								.github/workflows/release.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										12
									
								
								.github/workflows/release.yml
									
									
									
									
										vendored
									
									
								
							| @@ -12,13 +12,13 @@ jobs: | |||||||
|       DOCKER_CLI_EXPERIMENTAL: "enabled" |       DOCKER_CLI_EXPERIMENTAL: "enabled" | ||||||
|     steps: |     steps: | ||||||
|       - name: Checkout |       - name: Checkout | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@v4 | ||||||
|         with: |         with: | ||||||
|           fetch-depth: 0 |           fetch-depth: 0 | ||||||
|  |  | ||||||
|       - name: Docker meta |       - name: Docker meta | ||||||
|         id: meta |         id: meta | ||||||
|         uses: docker/metadata-action@v4 |         uses: docker/metadata-action@v5 | ||||||
|         with: |         with: | ||||||
|           images: | |           images: | | ||||||
|             1password/onepassword-operator |             1password/onepassword-operator | ||||||
| @@ -33,19 +33,19 @@ jobs: | |||||||
|         run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/v} |         run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/v} | ||||||
|  |  | ||||||
|       - name: Set up QEMU |       - name: Set up QEMU | ||||||
|         uses: docker/setup-qemu-action@v2 |         uses: docker/setup-qemu-action@v3 | ||||||
|  |  | ||||||
|       - name: Set up Docker Buildx |       - name: Set up Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2 |         uses: docker/setup-buildx-action@v3 | ||||||
|  |  | ||||||
|       - name: Docker Login |       - name: Docker Login | ||||||
|         uses: docker/login-action@v2 |         uses: docker/login-action@v3 | ||||||
|         with: |         with: | ||||||
|           username: ${{ secrets.DOCKERHUB_USERNAME }} |           username: ${{ secrets.DOCKERHUB_USERNAME }} | ||||||
|           password: ${{ secrets.DOCKERHUB_TOKEN }} |           password: ${{ secrets.DOCKERHUB_TOKEN }} | ||||||
|  |  | ||||||
|       - name: Build and push |       - name: Build and push | ||||||
|         uses: docker/build-push-action@v3 |         uses: docker/build-push-action@v5 | ||||||
|         with: |         with: | ||||||
|           context: . |           context: . | ||||||
|           file: Dockerfile |           file: Dockerfile | ||||||
|   | |||||||
							
								
								
									
										48
									
								
								CHANGELOG.md
									
									
									
									
									
								
							
							
						
						
									
										48
									
								
								CHANGELOG.md
									
									
									
									
									
								
							| @@ -12,6 +12,54 @@ | |||||||
|  |  | ||||||
| --- | --- | ||||||
|  |  | ||||||
|  | [//]: # (START/v1.9.1) | ||||||
|  | # v1.9.1 | ||||||
|  |  | ||||||
|  | ## Fixes | ||||||
|  |  * Operator no longer panics when handling 1Password items containing files. {#209} | ||||||
|  |  | ||||||
|  | ## Security | ||||||
|  |  * HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net. {#210} | ||||||
|  |  * golang.org/x/net vulnerable to Cross-site Scripting. {#210} | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | [//]: # (START/v1.9.0) | ||||||
|  | # v1.9.0 | ||||||
|  |  | ||||||
|  | ## Features | ||||||
|  |   * Enable the Operator to authenticate to 1Password using service accounts. {#160} | ||||||
|  |  | ||||||
|  | ## Fixes | ||||||
|  |  * Update Operator to use SDK v1.34.1. {#185} | ||||||
|  |  * Pass Kubernetes context down to SDK/Connect. {#199} | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | [//]: # (START/v1.8.1) | ||||||
|  | # v1.8.1 | ||||||
|  |  | ||||||
|  | ## Fixes | ||||||
|  |  * Upgrade operator to use Operator SDK v1.33.0. {#180} | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | [//]: # (START/v1.8.0) | ||||||
|  | # v1.8.0 | ||||||
|  |  | ||||||
|  | ## Features | ||||||
|  |   * Added volume projected detection. Credit to @mmorejon. {#168} | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | [//]: # (START/v1.7.1) | ||||||
|  | # v1.7.1 | ||||||
|  |  | ||||||
|  | ## Fixes | ||||||
|  |  * Adjusting logging level on various logs to reduce unnecessary logging. {#164} | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
| [//]: # (START/v1.7.0) | [//]: # (START/v1.7.0) | ||||||
| # v1.7.0 | # v1.7.0 | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										72
									
								
								CONTRIBUTING.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										72
									
								
								CONTRIBUTING.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,72 @@ | |||||||
|  | # Contributing | ||||||
|  |  | ||||||
|  | Thank you for your interest in contributing to the 1Password Kubernetes Operator project 👋! Before you start, please take a moment to read through this guide to understand our contribution process. | ||||||
|  |  | ||||||
|  | ## Testing | ||||||
|  |  | ||||||
|  | - For functional testing, run the local version of the operator. From the project root: | ||||||
|  |  | ||||||
|  |   ```sh | ||||||
|  |   # Go to the K8s environment (e.g. minikube) | ||||||
|  |   eval $(minikube docker-env) | ||||||
|  |  | ||||||
|  |   # Build the local Docker image for the operator | ||||||
|  |   make docker-build | ||||||
|  |  | ||||||
|  |   # Deploy the operator | ||||||
|  |   make deploy | ||||||
|  |  | ||||||
|  |   # Remove the operator from K8s | ||||||
|  |   make undeploy | ||||||
|  |   ``` | ||||||
|  |    | ||||||
|  | - For testing the changes made to the `OnePasswordItem` Custom Resource Definition (CRD), you need to re-generate the object: | ||||||
|  |   ```sh | ||||||
|  |   make manifests | ||||||
|  |   ``` | ||||||
|  |  | ||||||
|  | - Run tests for the operator: | ||||||
|  |  | ||||||
|  |   ```sh | ||||||
|  |   make test | ||||||
|  |   ``` | ||||||
|  |  | ||||||
|  | You can check other available commands that may come in handy by running `make help`. | ||||||
|  |  | ||||||
|  | ## Debugging | ||||||
|  |  | ||||||
|  | - Running `kubectl describe pod` will fetch details about pods. This includes configuration information about the container(s) and Pod (labels, resource requirements, etc) and status information about the container(s) and Pod (state, readiness, restart count, events, etc.). | ||||||
|  | - Running `kubectl logs ${POD_NAME} ${CONTAINER_NAME}` will print the logs from the container(s) in a pod. This can help with debugging issues by inspection. | ||||||
|  | - Running `kubectl exec ${POD_NAME} -c ${CONTAINER_NAME} -- ${CMD}` allows executing a command inside a specific container. | ||||||
|  |  | ||||||
|  | For more debugging documentation, see: https://kubernetes.io/docs/tasks/debug/debug-application/debug-pods/ | ||||||
|  |  | ||||||
|  | ## Documentation Updates | ||||||
|  |  | ||||||
|  | If applicable, update the [USAGEGUIDE.md](./USAGEGUIDE.md) and [README.md](./README.md) to reflect any changes introduced by the new code. | ||||||
|  |  | ||||||
|  | ## Sign your commits | ||||||
|  |  | ||||||
|  | To get your PR merged, we require you to sign your commits. There are three options you can choose from. | ||||||
|  |  | ||||||
|  | ### Sign commits with 1Password | ||||||
|  |  | ||||||
|  | You can sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process. | ||||||
|  |  | ||||||
|  | Learn how to use [1Password to sign your commits](https://developer.1password.com/docs/ssh/git-commit-signing/). | ||||||
|  |  | ||||||
|  | ### Sign commits with ssh-agent | ||||||
|  |  | ||||||
|  | Follow the steps below to set up commit signing with `ssh-agent`: | ||||||
|  |  | ||||||
|  | 1. [Generate an SSH key and add it to ssh-agent](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent) | ||||||
|  | 2. [Add the SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account) | ||||||
|  | 3. [Configure git to use your SSH key for commits signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-ssh-key) | ||||||
|  |  | ||||||
|  | ### Sign commits with gpg | ||||||
|  |  | ||||||
|  | Follow the steps below to set up commit signing with `gpg`: | ||||||
|  |  | ||||||
|  | 1. [Generate a GPG key](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key) | ||||||
|  | 2. [Add the GPG key to your GitHub account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account) | ||||||
|  | 3. [Configure git to use your GPG key for commits signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-gpg-key) | ||||||
							
								
								
									
										14
									
								
								Dockerfile
									
									
									
									
									
								
							
							
						
						
									
										14
									
								
								Dockerfile
									
									
									
									
									
								
							| @@ -1,5 +1,5 @@ | |||||||
| # Build the manager binary | # Build the manager binary | ||||||
| FROM golang:1.20 as builder | FROM golang:1.24 as builder | ||||||
| ARG TARGETOS | ARG TARGETOS | ||||||
| ARG TARGETARCH | ARG TARGETARCH | ||||||
|  |  | ||||||
| @@ -7,17 +7,16 @@ WORKDIR /workspace | |||||||
| # Copy the Go Modules manifests | # Copy the Go Modules manifests | ||||||
| COPY go.mod go.mod | COPY go.mod go.mod | ||||||
| COPY go.sum go.sum | COPY go.sum go.sum | ||||||
| # cache deps before building and copying source so that we don't need to re-download as much |  | ||||||
| # and so that source changes don't invalidate our downloaded layer | # Download dependencies | ||||||
| RUN go mod download | RUN go mod download | ||||||
|  |  | ||||||
| # Copy the go source | # Copy the go source | ||||||
| COPY main.go main.go | COPY cmd/main.go cmd/main.go | ||||||
| COPY api/ api/ | COPY api/ api/ | ||||||
| COPY controllers/ controllers/ | COPY internal/controller/ internal/controller/ | ||||||
| COPY pkg/ pkg/ | COPY pkg/ pkg/ | ||||||
| COPY version/ version/ | COPY version/ version/ | ||||||
| COPY vendor/ vendor/ |  | ||||||
|  |  | ||||||
| # Build | # Build | ||||||
| # the GOARCH has not a default value to allow the binary be built according to the host where the command | # the GOARCH has not a default value to allow the binary be built according to the host where the command | ||||||
| @@ -28,8 +27,7 @@ RUN CGO_ENABLED=0 \ | |||||||
|     GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \ |     GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \ | ||||||
|     go build \ |     go build \ | ||||||
|     -ldflags "-X \"github.com/1Password/onepassword-operator/version.Version=$operator_version\"" \ |     -ldflags "-X \"github.com/1Password/onepassword-operator/version.Version=$operator_version\"" \ | ||||||
|     -mod vendor \ |     -a -o manager cmd/main.go | ||||||
|     -a -o manager main.go |  | ||||||
|  |  | ||||||
| # Use distroless as minimal base image to package the manager binary | # Use distroless as minimal base image to package the manager binary | ||||||
| # Refer to https://github.com/GoogleContainerTools/distroless for more details | # Refer to https://github.com/GoogleContainerTools/distroless for more details | ||||||
|   | |||||||
							
								
								
									
										91
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										91
									
								
								Makefile
									
									
									
									
									
								
							| @@ -5,7 +5,7 @@ export MAIN_BRANCH ?= main | |||||||
| # To re-generate a bundle for another specific version without changing the standard setup, you can: | # To re-generate a bundle for another specific version without changing the standard setup, you can: | ||||||
| # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) | # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) | ||||||
| # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) | # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) | ||||||
| VERSION ?= 1.6.0 | VERSION ?= 1.9.1 | ||||||
|  |  | ||||||
| # CHANNELS define the bundle channels used in the bundle. | # CHANNELS define the bundle channels used in the bundle. | ||||||
| # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") | # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") | ||||||
| @@ -48,10 +48,14 @@ ifeq ($(USE_IMAGE_DIGESTS), true) | |||||||
| 	BUNDLE_GEN_FLAGS += --use-image-digests | 	BUNDLE_GEN_FLAGS += --use-image-digests | ||||||
| endif | endif | ||||||
|  |  | ||||||
|  | # Set the Operator SDK version to use. By default, what is installed on the system is used. | ||||||
|  | # This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit. | ||||||
|  | OPERATOR_SDK_VERSION ?= v1.34.1 | ||||||
|  |  | ||||||
| # Image URL to use all building/pushing image targets | # Image URL to use all building/pushing image targets | ||||||
| IMG ?= 1password/onepassword-operator:latest | IMG ?= 1password/onepassword-operator:latest | ||||||
| # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. | # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. | ||||||
| ENVTEST_K8S_VERSION = 1.26 | ENVTEST_K8S_VERSION = 1.29.1 | ||||||
|  |  | ||||||
| # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) | # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) | ||||||
| ifeq (,$(shell go env GOBIN)) | ifeq (,$(shell go env GOBIN)) | ||||||
| @@ -60,6 +64,12 @@ else | |||||||
| GOBIN=$(shell go env GOBIN) | GOBIN=$(shell go env GOBIN) | ||||||
| endif | endif | ||||||
|  |  | ||||||
|  | # CONTAINER_TOOL defines the container tool to be used for building images. | ||||||
|  | # Be aware that the target commands are only tested with Docker which is | ||||||
|  | # scaffolded by default. However, you might want to replace it to use other | ||||||
|  | # tools. (i.e. podman) | ||||||
|  | CONTAINER_TOOL ?= docker | ||||||
|  |  | ||||||
| # Setting SHELL to bash allows bash commands to be executed by recipes. | # Setting SHELL to bash allows bash commands to be executed by recipes. | ||||||
| # Options are set to exit when a recipe line exits non-zero or a piped command fails. | # Options are set to exit when a recipe line exits non-zero or a piped command fails. | ||||||
| SHELL = /usr/bin/env bash -o pipefail | SHELL = /usr/bin/env bash -o pipefail | ||||||
| @@ -111,39 +121,36 @@ test: manifests generate fmt vet envtest ## Run tests. | |||||||
|  |  | ||||||
| .PHONY: build | .PHONY: build | ||||||
| build: manifests generate fmt vet ## Build manager binary. | build: manifests generate fmt vet ## Build manager binary. | ||||||
| 	go build -o bin/manager main.go | 	go build -o bin/manager cmd/main.go | ||||||
|  |  | ||||||
| .PHONY: run | .PHONY: run | ||||||
| run: manifests generate fmt vet ## Run a controller from your host. | run: manifests generate fmt vet ## Run a controller from your host. | ||||||
| 	go run ./main.go | 	go run ./cmd/main.go | ||||||
|  |  | ||||||
| # If you wish built the manager image targeting other platforms you can use the --platform flag. | # If you wish built the manager image targeting other platforms you can use the --platform flag. | ||||||
| # (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it. | # (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it. | ||||||
| # More info: https://docs.docker.com/develop/develop-images/build_enhancements/ | # More info: https://docs.docker.com/develop/develop-images/build_enhancements/ | ||||||
| .PHONY: docker-build | .PHONY: docker-build | ||||||
| docker-build: test ## Build docker image with the manager. | docker-build: test ## Build docker image with the manager. | ||||||
| 	docker build -t ${IMG} . | 	$(CONTAINER_TOOL) build -t ${IMG} . | ||||||
|  |  | ||||||
| .PHONY: docker-push | .PHONY: docker-push | ||||||
| docker-push: ## Push docker image with the manager. | docker-push: ## Push docker image with the manager. | ||||||
| 	docker push ${IMG} | 	$(CONTAINER_TOOL) push ${IMG} | ||||||
|  |  | ||||||
| # PLATFORMS defines the target platforms for  the manager image be build to provide support to multiple | # PLATFORMS defines the target platforms for  the manager image be build to provide support to multiple | ||||||
| # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: | # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: | ||||||
| # - able to use docker buildx . More info: https://docs.docker.com/build/buildx/ | # - able to use docker buildx . More info: https://docs.docker.com/build/buildx/ | ||||||
| # - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/ | # - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/ | ||||||
| # - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=<myregistry/image:<tag>> than the export will fail) | # - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=<myregistry/image:<tag>> then the export will fail) | ||||||
| # To properly provided solutions that supports more than one platform you should use this option. | # To properly provided solutions that supports more than one platform you should use this option. | ||||||
| PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le | PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le | ||||||
| .PHONY: docker-buildx | .PHONY: docker-buildx | ||||||
| docker-buildx: test ## Build and push docker image for the manager for cross-platform support | docker-buildx: ## Build and push docker image for the manager for cross-platform support | ||||||
| 	# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile | 	- $(CONTAINER_TOOL) buildx create --name project-v3-builder | ||||||
| 	sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross | 	$(CONTAINER_TOOL) buildx use project-v3-builder | ||||||
| 	- docker buildx create --name project-v3-builder | 	- $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile . | ||||||
| 	docker buildx use project-v3-builder | 	- $(CONTAINER_TOOL) buildx rm project-v3-builder | ||||||
| 	- docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross |  | ||||||
| 	- docker buildx rm project-v3-builder |  | ||||||
| 	rm Dockerfile.cross |  | ||||||
|  |  | ||||||
| ##@ Deployment | ##@ Deployment | ||||||
|  |  | ||||||
| @@ -153,24 +160,24 @@ endif | |||||||
|  |  | ||||||
| .PHONY: install | .PHONY: install | ||||||
| install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. | install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. | ||||||
| 	$(KUSTOMIZE) build config/crd | kubectl apply -f - | 	$(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f - | ||||||
|  |  | ||||||
| .PHONY: uninstall | .PHONY: uninstall | ||||||
| uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. | uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. | ||||||
| 	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f - | 	$(KUSTOMIZE) build config/crd | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - | ||||||
|  |  | ||||||
| .PHONY: set-namespace | .PHONY: set-namespace | ||||||
| set-namespace: | set-namespace: | ||||||
| 	cd config/default && $(KUSTOMIZE) edit set namespace $(shell kubectl config view --minify -o jsonpath={..namespace}) | 	cd config/default && $(KUSTOMIZE) edit set namespace $(shell $(KUBECTL) config view --minify -o jsonpath={..namespace}) | ||||||
|  |  | ||||||
| .PHONY: deploy | .PHONY: deploy | ||||||
| deploy: manifests kustomize set-namespace ## Deploy controller to the K8s cluster specified in ~/.kube/config. | deploy: manifests kustomize set-namespace ## Deploy controller to the K8s cluster specified in ~/.kube/config. | ||||||
| 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} | 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} | ||||||
| 	$(KUSTOMIZE) build config/default | kubectl apply -f - | 	$(KUSTOMIZE) build config/default | $(KUBECTL) apply -f - | ||||||
|  |  | ||||||
| .PHONY: undeploy | .PHONY: undeploy | ||||||
| undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. | undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. | ||||||
| 	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f - | 	$(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - | ||||||
|  |  | ||||||
| ##@ Build Dependencies | ##@ Build Dependencies | ||||||
|  |  | ||||||
| @@ -180,36 +187,58 @@ $(LOCALBIN): | |||||||
| 	mkdir -p $(LOCALBIN) | 	mkdir -p $(LOCALBIN) | ||||||
|  |  | ||||||
| ## Tool Binaries | ## Tool Binaries | ||||||
|  | KUBECTL ?= kubectl | ||||||
| KUSTOMIZE ?= $(LOCALBIN)/kustomize | KUSTOMIZE ?= $(LOCALBIN)/kustomize | ||||||
| CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen | CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen | ||||||
| ENVTEST ?= $(LOCALBIN)/setup-envtest | ENVTEST ?= $(LOCALBIN)/setup-envtest | ||||||
|  |  | ||||||
| ## Tool Versions | ## Tool Versions | ||||||
| KUSTOMIZE_VERSION ?= v4.5.7 | KUSTOMIZE_VERSION ?= v5.3.0 | ||||||
| CONTROLLER_TOOLS_VERSION ?= v0.10.0 | CONTROLLER_TOOLS_VERSION ?= v0.14.0 | ||||||
|  |  | ||||||
| KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" |  | ||||||
| .PHONY: kustomize | .PHONY: kustomize | ||||||
| kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. | kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading. | ||||||
| $(KUSTOMIZE): $(LOCALBIN) | $(KUSTOMIZE): $(LOCALBIN) | ||||||
| 	test -s $(LOCALBIN)/kustomize || { curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } | 	@if test -x $(LOCALBIN)/kustomize && ! $(LOCALBIN)/kustomize version | grep -q $(KUSTOMIZE_VERSION); then \ | ||||||
|  | 		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ | ||||||
|  | 		rm -rf $(LOCALBIN)/kustomize; \ | ||||||
|  | 	fi | ||||||
|  | 	test -s $(LOCALBIN)/kustomize || GOBIN=$(LOCALBIN) GO111MODULE=on go install sigs.k8s.io/kustomize/kustomize/v5@$(KUSTOMIZE_VERSION) | ||||||
|  |  | ||||||
| .PHONY: controller-gen | .PHONY: controller-gen | ||||||
| controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. | controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. | ||||||
| $(CONTROLLER_GEN): $(LOCALBIN) | $(CONTROLLER_GEN): $(LOCALBIN) | ||||||
| 	test -s $(LOCALBIN)/controller-gen || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION) | 	test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \ | ||||||
|  | 	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION) | ||||||
|  |  | ||||||
| .PHONY: envtest | .PHONY: envtest | ||||||
| envtest: $(ENVTEST) ## Download envtest-setup locally if necessary. | envtest: $(ENVTEST) ## Download envtest-setup locally if necessary. | ||||||
| $(ENVTEST): $(LOCALBIN) | $(ENVTEST): $(LOCALBIN) | ||||||
| 	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest | 	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest | ||||||
|  |  | ||||||
|  | .PHONY: operator-sdk | ||||||
|  | OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk | ||||||
|  | operator-sdk: ## Download operator-sdk locally if necessary. | ||||||
|  | ifeq (,$(wildcard $(OPERATOR_SDK))) | ||||||
|  | ifeq (, $(shell which operator-sdk 2>/dev/null)) | ||||||
|  | 	@{ \ | ||||||
|  | 	set -e ;\ | ||||||
|  | 	mkdir -p $(dir $(OPERATOR_SDK)) ;\ | ||||||
|  | 	OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \ | ||||||
|  | 	curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$${OS}_$${ARCH} ;\ | ||||||
|  | 	chmod +x $(OPERATOR_SDK) ;\ | ||||||
|  | 	} | ||||||
|  | else | ||||||
|  | OPERATOR_SDK = $(shell which operator-sdk) | ||||||
|  | endif | ||||||
|  | endif | ||||||
|  |  | ||||||
| .PHONY: bundle | .PHONY: bundle | ||||||
| bundle: manifests kustomize ## Generate bundle manifests and metadata, then validate generated files. | bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. | ||||||
| 	operator-sdk generate kustomize manifests -q | 	$(OPERATOR_SDK) generate kustomize manifests -q | ||||||
| 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) | 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) | ||||||
| 	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle $(BUNDLE_GEN_FLAGS) | 	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) | ||||||
| 	operator-sdk bundle validate ./bundle | 	$(OPERATOR_SDK) bundle validate ./bundle | ||||||
|  |  | ||||||
| .PHONY: bundle-build | .PHONY: bundle-build | ||||||
| bundle-build: ## Build the bundle image. | bundle-build: ## Build the bundle image. | ||||||
|   | |||||||
							
								
								
									
										6
									
								
								PROJECT
									
									
									
									
									
								
							
							
						
						
									
										6
									
								
								PROJECT
									
									
									
									
									
								
							| @@ -1,6 +1,10 @@ | |||||||
|  | # Code generated by tool. DO NOT EDIT. | ||||||
|  | # This file is used to track the info used to scaffold your project | ||||||
|  | # and allow the plugins properly work. | ||||||
|  | # More info: https://book.kubebuilder.io/reference/project-config.html | ||||||
| domain: onepassword.com | domain: onepassword.com | ||||||
| layout: | layout: | ||||||
| - go.kubebuilder.io/v4-alpha | - go.kubebuilder.io/v4 | ||||||
| plugins: | plugins: | ||||||
|   manifests.sdk.operatorframework.io/v2: {} |   manifests.sdk.operatorframework.io/v2: {} | ||||||
|   scorecard.sdk.operatorframework.io/v2: {} |   scorecard.sdk.operatorframework.io/v2: {} | ||||||
|   | |||||||
							
								
								
									
										293
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										293
									
								
								README.md
									
									
									
									
									
								
							| @@ -1,112 +1,33 @@ | |||||||
| # 1Password Connect Kubernetes Operator | <!-- Image sourced from https://blog.1password.com/introducing-secrets-automation/ --> | ||||||
|  | <img alt="" role="img" src="https://blog.1password.com/posts/2021/secrets-automation-launch/header.svg"/> | ||||||
|  |  | ||||||
| The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes with 1Password. This Operator manages `OnePasswordItem` Custom Resource Definitions (CRDs) that define the location of an Item stored in 1Password. The `OnePasswordItem` CRD, when created, will be used to compose a Kubernetes Secret containing the contents of the specified item. | <div align="center"> | ||||||
|  |   <h1>1Password Connect Kubernetes Operator</h1> | ||||||
|  |   <p>Integrate <a href="https://developer.1password.com/docs/connect">1Password Connect</a> with your Kubernetes Infrastructure</p> | ||||||
|  |   <a href="https://github.com/1Password/onepassword-operator#-get-started"> | ||||||
|  |     <img alt="Get started" src="https://user-images.githubusercontent.com/45081667/226940040-16d3684b-60f4-4d95-adb2-5757a8f1bc15.png" height="37"/> | ||||||
|  |   </a> | ||||||
|  | </div> | ||||||
|  |  | ||||||
| The 1Password Connect Kubernetes Operator also allows for Kubernetes Secrets to be composed from a 1Password Item through annotation of an Item Path on a deployment. | --- | ||||||
|  |  | ||||||
| The 1Password Connect Kubernetes Operator will continually check for updates from 1Password for any Kubernetes Secret that it has generated. If a Kubernetes Secret is updated, any Deployment using that secret can be automatically restarted. | The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password. The operator also handles autorestarting deployments when 1Password items are updated. | ||||||
|  |  | ||||||
| - [Prerequisites](#prerequisites) | ## ✨ Get started | ||||||
| - [Quickstart for Deploying 1Password Connect to Kubernetes](#quickstart-for-deploying-1password-connect-to-kubernetes) |  | ||||||
| - [Kubernetes Operator Deployment](#kubernetes-operator-deployment) |  | ||||||
| - [Usage](#usage) |  | ||||||
| - [Configuring Automatic Rolling Restarts of Deployments](#configuring-automatic-rolling-restarts-of-deployments) |  | ||||||
| - [Development](#development) |  | ||||||
| - [Security](#security) |  | ||||||
|  |  | ||||||
| ## Prerequisites | ### 🚀 Quickstart | ||||||
|  |  | ||||||
| - [1Password Command Line Tool Installed](https://1password.com/downloads/command-line/) | 1. Add the [1Password Helm Chart](https://github.com/1Password/connect-helm-charts) to your repository. | ||||||
| - [`kubectl` installed](https://kubernetes.io/docs/tasks/tools/install-kubectl/) |  | ||||||
| - [`docker` installed](https://docs.docker.com/get-docker/) |  | ||||||
| - [Generated a 1password-credentials.json file and issued a 1Password Connect API Token for the K8s Operator integration](https://developer.1password.com/docs/connect/get-started/#step-1-set-up-a-secrets-automation-workflow) |  | ||||||
| - [A `1password-credentials.json` file generated and a 1Password Connect API Token issues for the K8s Operator integration](https://developer.1password.com/docs/connect/get-started/#step-1-set-up-a-secrets-automation-workflow) |  | ||||||
| ## Quickstart for Deploying 1Password Connect to Kubernetes |  | ||||||
|  |  | ||||||
| If 1Password Connect is already running, you can skip this step. | 2. Run the following command to install Connect and the 1Password Kubernetes Operator in your infrastructure: | ||||||
|  |  | ||||||
| There are options to deploy 1Password Connect: |  | ||||||
|  |  | ||||||
| - [Deploy with Helm](#deploy-with-helm) |  | ||||||
| - [Deploy using the Connect Operator](#deploy-using-the-connect-operator) |  | ||||||
|  |  | ||||||
| #### Deploy with Helm |  | ||||||
|  |  | ||||||
| The 1Password Connect Helm Chart helps to simplify the deployment of 1Password Connect and the 1Password Connect Kubernetes Operator to Kubernetes. |  | ||||||
|  |  | ||||||
| [The 1Password Connect Helm Chart can be found here.](https://github.com/1Password/connect-helm-charts) |  | ||||||
|  |  | ||||||
| #### Deploy using the Connect Operator |  | ||||||
|  |  | ||||||
| This guide will provide a quickstart option for deploying a default configuration of 1Password Connect via starting the deploying the 1Password Connect Operator, however, it is recommended that you instead deploy your own manifest file if customization of the 1Password Connect deployment is desired. |  | ||||||
|  |  | ||||||
| Encode the `1password-credentials.json` file you generated in the prerequisite steps and save it to a file named `op-session`: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| cat 1password-credentials.json | base64 | \ |  | ||||||
|   tr '/+' '_-' | tr -d '=' | tr -d '\n' > op-session |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| Create a Kubernetes secret from the op-session file: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| kubectl create secret generic op-credentials --from-file=op-session |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| Add the following environment variable to the onepassword-connect-operator container in `/config/manager/manager.yaml`: |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| - name: MANAGE_CONNECT |  | ||||||
|   value: "true" |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| Adding this environment variable will have the operator automatically deploy a default configuration of 1Password Connect to the current namespace. |  | ||||||
|  |  | ||||||
| ### Kubernetes Operator Deployment |  | ||||||
|  |  | ||||||
| **Create Kubernetes Secret for OP_CONNECT_TOKEN** |  | ||||||
|  |  | ||||||
| Create a Connect token for the operator and save it as a Kubernetes Secret: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| kubectl create secret generic onepassword-token --from-literal=token=<OP_CONNECT_TOKEN>" |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| If you do not have a token for the operator, you can generate a token and save it to Kubernetes with the following command: |  | ||||||
|  |  | ||||||
| ```bash |  | ||||||
| kubectl create secret generic onepassword-token --from-literal=token=$(op create connect token <server> op-k8s-operator --vault <vault>) |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| **Deploying the Operator** |  | ||||||
|  |  | ||||||
| An sample Deployment yaml can be found at `/config/manager/manager.yaml`. |  | ||||||
|  |  | ||||||
| To further configure the 1Password Kubernetes Operator the following Environment variables can be set in the operator yaml: |  | ||||||
|  |  | ||||||
| - **OP_CONNECT_HOST** *(required)*: Specifies the host name within Kubernetes in which to access the 1Password Connect. |  | ||||||
| - **WATCH_NAMESPACE:** *(default: watch all namespaces)*: Comma separated list of what Namespaces to watch for changes. |  | ||||||
| - **POLLING_INTERVAL** *(default: 600)*: The number of seconds the 1Password Kubernetes Operator will wait before checking for updates from 1Password Connect. |  | ||||||
| - **MANAGE_CONNECT** *(default: false)*: If set to true, on deployment of the operator, a default configuration of the OnePassword Connect Service will be deployed to the current namespace. |  | ||||||
| - **AUTO_RESTART** (default: false): If set to true, the operator will restart any deployment using a secret from 1Password Connect. This can be overwritten by namespace, deployment, or individual secret. More details on AUTO_RESTART can be found in the ["Configuring Automatic Rolling Restarts of Deployments"](#configuring-automatic-rolling-restarts-of-deployments) section. |  | ||||||
|  |  | ||||||
| To deploy the operator, simply run the following command: |  | ||||||
|  |  | ||||||
| ```shell |  | ||||||
| make deploy |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| **Undeploy Operator** |  | ||||||
|  |  | ||||||
| ``` | ``` | ||||||
| make undeploy | helm install connect 1password/connect --set-file connect.credentials=1password-credentials-demo.json --set operator.create=true --set operator.token.value = <your connect token> | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| ## Usage | 3. Create a Kubernetes Secret from a 1Password item: | ||||||
|  |  | ||||||
| To create a Kubernetes Secret from a 1Password item, create a yaml file with the following | ``` | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| apiVersion: onepassword.com/v1 | apiVersion: onepassword.com/v1 | ||||||
| kind: OnePasswordItem | kind: OnePasswordItem | ||||||
| metadata: | metadata: | ||||||
| @@ -117,184 +38,28 @@ spec: | |||||||
|  |  | ||||||
| Deploy the OnePasswordItem to Kubernetes: | Deploy the OnePasswordItem to Kubernetes: | ||||||
|  |  | ||||||
| ```bash | ``` | ||||||
| kubectl apply -f <your_item>.yaml | kubectl apply -f <your_item>.yaml | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| To test that the Kubernetes Secret check that the following command returns a secret: | Check that the Kubernetes Secret has been generated: | ||||||
|  |  | ||||||
| ```bash | ``` | ||||||
| kubectl get secret <secret_name> | kubectl get secret <secret_name> | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| **Note:** Deleting the `OnePasswordItem` that you've created will automatically delete the created Kubernetes Secret. | ### 📄 Usage | ||||||
|  |  | ||||||
| To create a single Kubernetes Secret for a deployment, add the following annotations to the deployment metadata: | Refer to the [Usage Guide](USAGEGUIDE.md) for documentation on how to deploy and use the 1Password Operator. | ||||||
|  |  | ||||||
| ```yaml | ## 💙 Community & Support | ||||||
| apiVersion: apps/v1 |  | ||||||
| kind: Deployment |  | ||||||
| metadata: |  | ||||||
|   name: deployment-example |  | ||||||
|   annotations: |  | ||||||
|     operator.1password.io/item-path: "vaults/<vault_id_or_title>/items/<item_id_or_title>" |  | ||||||
|     operator.1password.io/item-name: "<secret_name>" |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| Applying this yaml file will create a Kubernetes Secret with the name `<secret_name>` and contents from the location specified at the specified Item Path. | - File an [issue](https://github.com/1Password/onepassword-operator/issues) for bugs and feature requests. | ||||||
|  | - Join the [Developer Slack workspace](https://join.slack.com/t/1password-devs/shared_invite/zt-1halo11ps-6o9pEv96xZ3LtX_VE0fJQA). | ||||||
|  | - Subscribe to the [Developer Newsletter](https://1password.com/dev-subscribe/). | ||||||
|  |  | ||||||
| The contents of the Kubernetes secret will be key-value pairs in which the keys are the fields of the 1Password item and the values are the corresponding values stored in 1Password. | ## 🔐 Security | ||||||
| In case of fields that store files, the file's contents will be used as the value. |  | ||||||
|  |  | ||||||
| Within an item, if both a field storing a file and a field of another type have the same name, the file field will be ignored and the other field will take precedence. |  | ||||||
|  |  | ||||||
| **Note:** Deleting the Deployment that you've created will automatically delete the created Kubernetes Secret only if the deployment is still annotated with `operator.1password.io/item-path` and `operator.1password.io/item-name` and no other deployment is using the secret. |  | ||||||
|  |  | ||||||
| If a 1Password Item that is linked to a Kubernetes Secret is updated within the POLLING_INTERVAL the associated Kubernetes Secret will be updated. However, if you do not want a specific secret to be updated you can add the tag `operator.1password.io:ignore-secret` to the item stored in 1Password. While this tag is in place, any updates made to an item will not trigger an update to the associated secret in Kubernetes. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| **NOTE** |  | ||||||
|  |  | ||||||
| If multiple 1Password vaults/items have the same `title` when using a title in the access path, the desired action will be performed on the oldest vault/item. |  | ||||||
|  |  | ||||||
| Titles and field names that include white space and other characters that are not a valid [DNS subdomain name](https://kubernetes.io/docs/concepts/configuration/secret/) will create Kubernetes secrets that have titles and fields in the following format: |  | ||||||
|  |  | ||||||
| - Invalid characters before the first alphanumeric character and after the last alphanumeric character will be removed |  | ||||||
| - All whitespaces between words will be replaced by `-` |  | ||||||
| - All the letters will be lower-cased. |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| ## Configuring Automatic Rolling Restarts of Deployments |  | ||||||
|  |  | ||||||
| If a 1Password Item that is linked to a Kubernetes Secret is updated, any deployments configured to `auto-restart` AND are using that secret will be given a rolling restart the next time 1Password Connect is polled for updates. |  | ||||||
|  |  | ||||||
| There are many levels of granularity on which to configure auto restarts on deployments: |  | ||||||
| - Operator level |  | ||||||
| - Per-namespace |  | ||||||
| - Per-deployment |  | ||||||
|  |  | ||||||
| **Operator Level**: This method allows for managing auto restarts on all deployments within the namespaces watched by operator. Auto restarts can be enabled by setting the environment variable `AUTO_RESTART` to true. If the value is not set, the operator will default this value to false. |  | ||||||
|  |  | ||||||
| **Per Namespace**: This method allows for managing auto restarts on all deployments within a namespace. Auto restarts can by managed by setting the annotation `operator.1password.io/auto-restart` to either `true` or `false` on the desired namespace. An example of this is shown below: |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| # enabled auto restarts for all deployments within a namespace unless overwritten within a deployment |  | ||||||
| apiVersion: v1 |  | ||||||
| kind: Namespace |  | ||||||
| metadata: |  | ||||||
|   name: "example-namespace" |  | ||||||
|   annotations: |  | ||||||
|     operator.1password.io/auto-restart: "true" |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| If the value is not set, the auto restart settings on the operator will be used. This value can be overwritten by deployment. |  | ||||||
|  |  | ||||||
| **Per Deployment** |  | ||||||
| This method allows for managing auto restarts on a given deployment. Auto restarts can by managed by setting the annotation `operator.1password.io/auto-restart` to either `true` or `false` on the desired deployment. An example of this is shown below: |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| # enabled auto restarts for the deployment |  | ||||||
| apiVersion: v1 |  | ||||||
| kind: Deployment |  | ||||||
| metadata: |  | ||||||
|   name: "example-deployment" |  | ||||||
|   annotations: |  | ||||||
|     operator.1password.io/auto-restart: "true" |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| If the value is not set, the auto restart settings on the namespace will be used. |  | ||||||
|  |  | ||||||
| **Per OnePasswordItem Custom Resource** |  | ||||||
| This method allows for managing auto restarts on a given OnePasswordItem custom resource. Auto restarts can by managed by setting the annotation `operator.1password.io/auto_restart` to either `true` or `false` on the desired OnePasswordItem. An example of this is shown below: |  | ||||||
|  |  | ||||||
| ```yaml |  | ||||||
| # enabled auto restarts for the OnePasswordItem |  | ||||||
| apiVersion: onepassword.com/v1 |  | ||||||
| kind: OnePasswordItem |  | ||||||
| metadata: |  | ||||||
|   name: example |  | ||||||
|   annotations: |  | ||||||
|     operator.1password.io/auto-restart: "true" |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| If the value is not set, the auto restart settings on the deployment will be used. |  | ||||||
|  |  | ||||||
| <!-- |  | ||||||
| ## Getting Started |  | ||||||
| You’ll need a Kubernetes cluster to run against. You can use [KIND](https://sigs.k8s.io/kind) to get a local cluster for testing, or run against a remote cluster. |  | ||||||
| **Note:** Your controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster `kubectl cluster-info` shows). |  | ||||||
|  |  | ||||||
| ### Running on the cluster |  | ||||||
| 1. Install Instances of Custom Resources: |  | ||||||
|  |  | ||||||
| ```sh |  | ||||||
| kubectl apply -f config/samples/ |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| 2. Deploy the controller to the cluster with the image specified by `IMG`: |  | ||||||
|  |  | ||||||
| ```sh |  | ||||||
| make deploy IMG=<some-registry>/onepassword-operator:tag |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| ### Uninstall CRDs |  | ||||||
| To delete the CRDs from the cluster: |  | ||||||
|  |  | ||||||
| ```sh |  | ||||||
| make uninstall |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| ### Undeploy controller |  | ||||||
| UnDeploy the controller to the cluster: |  | ||||||
|  |  | ||||||
| ```sh |  | ||||||
| make undeploy |  | ||||||
| ``` |  | ||||||
| --> |  | ||||||
|  |  | ||||||
| ## Development |  | ||||||
|  |  | ||||||
| ### How it works |  | ||||||
|  |  | ||||||
| This project aims to follow the Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) |  | ||||||
|  |  | ||||||
| It uses [Controllers](https://kubernetes.io/docs/concepts/architecture/controller/) |  | ||||||
| which provides a reconcile function responsible for synchronizing resources until the desired state is reached on the cluster |  | ||||||
|  |  | ||||||
| ### Test It Out |  | ||||||
|  |  | ||||||
| 1. Install the CRDs into the cluster: |  | ||||||
|  |  | ||||||
| ```sh |  | ||||||
| make install |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| 2. Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running): |  | ||||||
|  |  | ||||||
| ```sh |  | ||||||
| make run |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| **NOTE:** You can also run this in one step by running: `make install run` |  | ||||||
|  |  | ||||||
| ### Modifying the API definitions |  | ||||||
|  |  | ||||||
| If you are editing the API definitions, generate the manifests such as CRs or CRDs using: |  | ||||||
|  |  | ||||||
| ```sh |  | ||||||
| make manifests |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| **NOTE:** Run `make --help` for more information on all potential `make` targets |  | ||||||
|  |  | ||||||
| More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html) |  | ||||||
|  |  | ||||||
| ## Security |  | ||||||
|  |  | ||||||
| 1Password requests you practice responsible disclosure if you discover a vulnerability. | 1Password requests you practice responsible disclosure if you discover a vulnerability. | ||||||
|  |  | ||||||
| Please file requests via [**BugCrowd**](https://bugcrowd.com/agilebits). | Please file requests by sending an email to bugbounty@agilebits.com. | ||||||
|  |  | ||||||
| For information about security practices, please visit our [Security homepage](https://bugcrowd.com/agilebits). |  | ||||||
|   | |||||||
							
								
								
									
										221
									
								
								USAGEGUIDE.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										221
									
								
								USAGEGUIDE.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,221 @@ | |||||||
|  | <img alt="" role="img" src="https://blog.1password.com/posts/2021/secrets-automation-launch/header.svg"/> | ||||||
|  | <div align="center"> | ||||||
|  |   <h1>Usage Guide</h1> | ||||||
|  | </div> | ||||||
|  |  | ||||||
|  | ## Table of Contents | ||||||
|  |  | ||||||
|  | 1. [Configuration Options](#configuration-options) | ||||||
|  | 2. [Use Kubernetes Operator with Service Account](#use-kubernetes-operator-with-service-account) | ||||||
|  |     - [Create a Service Account](#1-create-a-service-account) | ||||||
|  |     - [Create a Kubernetes secret](#2-create-a-kubernetes-secret-for-the-service-account) | ||||||
|  |     - [Deploy the Operator](#3-deploy-the-operator) | ||||||
|  | 3. [Use Kubernetes Operator with Connect](#use-kubernetes-operator-with-connect) | ||||||
|  |     - [Deploy with Helm](#1-deploy-with-helm) | ||||||
|  |     - [Deploy manually](#2-deploy-manually) | ||||||
|  | 4. [Logging level](#logging-level) | ||||||
|  | 5. [Usage examples](#usage-examples) | ||||||
|  | 6. [How 1Password Items Map to Kubernetes Secrets](#how-1password-items-map-to-kubernetes-secrets) | ||||||
|  | 7. [Configuring Automatic Rolling Restarts of Deployments](#configuring-automatic-rolling-restarts-of-deployments) | ||||||
|  | 8. [Development](#development) | ||||||
|  |  | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuration options | ||||||
|  | There are 2 ways 1Password Operator can talk to 1Password servers: | ||||||
|  | - [1Password Service Accounts](https://developer.1password.com/docs/service-accounts) | ||||||
|  | - [1Password Connect](https://developer.1password.com/docs/connect/) | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ##  Use Kubernetes Operator with Service Account | ||||||
|  |  | ||||||
|  | ### 1. [Create a service account](https://developer.1password.com/docs/service-accounts/get-started#create-a-service-account) | ||||||
|  | ### 2. Create a Kubernetes secret for the Service Account | ||||||
|  | - Set `OP_SERVICE_ACCOUNT_TOKEN` environment variable to the service account token you created in the previous step. This token will be used by the operator to access 1Password items. | ||||||
|  | - Create Kubernetes secret: | ||||||
|  |  | ||||||
|  | ```bash | ||||||
|  | kubectl create secret generic onepassword-service-account-token --from-literal=token="$OP_SERVICE_ACCOUNT_TOKEN" | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### 3. Deploy the Operator | ||||||
|  |  | ||||||
|  | An sample Deployment yaml can be found at `/config/manager/manager.yaml`. | ||||||
|  | To use Operator with Service Account, you need to set the `OP_SERVICE_ACCOUNT_TOKEN` environment variable in the `/config/manager/manager.yaml`. And remove `OP_CONNECT_TOKEN` and `OP_CONNECT_HOST` environment variables. | ||||||
|  |  | ||||||
|  | To further configure the 1Password Kubernetes Operator the following Environment variables can be set in the operator yaml: | ||||||
|  |  | ||||||
|  | - **OP_SERVICE_ACCOUNT_TOKEN** *(required)*: Specifies Service Account token within Kubernetes to access the 1Password items. | ||||||
|  | - **WATCH_NAMESPACE:** *(default: watch all namespaces)*: Comma separated list of what Namespaces to watch for changes. | ||||||
|  | - **POLLING_INTERVAL** *(default: 600)*: The number of seconds the 1Password Kubernetes Operator will wait before checking for updates from 1Password. | ||||||
|  | - **AUTO_RESTART** (default: false): If set to true, the operator will restart any deployment using a secret from 1Password. This can be overwritten by namespace, deployment, or individual secret. More details on AUTO_RESTART can be found in the ["Configuring Automatic Rolling Restarts of Deployments"](#configuring-automatic-rolling-restarts-of-deployments) section. | ||||||
|  |  | ||||||
|  | To deploy the operator, simply run the following command: | ||||||
|  |  | ||||||
|  | ```shell | ||||||
|  | make deploy | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **Undeploy Operator** | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | make undeploy | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Use Kubernetes Operator with Connect | ||||||
|  |  | ||||||
|  | ### 1. [Deploy with Helm](https://developer.1password.com/docs/k8s/operator/?deployment-type=helm#helm-step-1) | ||||||
|  | ### 2. [Deploy manually](https://developer.1password.com/docs/k8s/operator/?deployment-type=manual#manual-step-1) | ||||||
|  |  | ||||||
|  | To further configure the 1Password Kubernetes Operator the following Environment variables can be set in the operator yaml: | ||||||
|  |  | ||||||
|  | - **OP_CONNECT_HOST** *(required)*: Specifies the host name within Kubernetes in which to access the 1Password Connect. | ||||||
|  | - **WATCH_NAMESPACE:** *(default: watch all namespaces)*: Comma separated list of what Namespaces to watch for changes. | ||||||
|  | - **POLLING_INTERVAL** *(default: 600)*: The number of seconds the 1Password Kubernetes Operator will wait before checking for updates from 1Password Connect. | ||||||
|  | - **MANAGE_CONNECT** *(default: false)*: If set to true, on deployment of the operator, a default configuration of the OnePassword Connect Service will be deployed to the current namespace. | ||||||
|  | - **AUTO_RESTART** (default: false): If set to true, the operator will restart any deployment using a secret from 1Password Connect. This can be overwritten by namespace, deployment, or individual secret. More details on AUTO_RESTART can be found in the ["Configuring Automatic Rolling Restarts of Deployments"](#configuring-automatic-rolling-restarts-of-deployments) section. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Logging level | ||||||
|  | You can set the logging level by setting `--zap-log-level` as an arg on the containers to either `debug`, `info` or `error`. The default value is `debug`. | ||||||
|  |  | ||||||
|  | Example: | ||||||
|  | ```yaml | ||||||
|  | .... | ||||||
|  | containers: | ||||||
|  |       - command: | ||||||
|  |         - /manager | ||||||
|  |         args: | ||||||
|  |         - --leader-elect | ||||||
|  |         - --zap-log-level=info | ||||||
|  |         image: 1password/onepassword-operator:latest | ||||||
|  | .... | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Usage examples | ||||||
|  | Find usage [examples](https://developer.1password.com/docs/k8s/operator/?deployment-type=manual#usage-examples) on 1Password developer documentation. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## How 1Password Items Map to Kubernetes Secrets | ||||||
|  |  | ||||||
|  | The contents of the Kubernetes secret will be key-value pairs in which the keys are the fields of the 1Password item and the values are the corresponding values stored in 1Password. | ||||||
|  | In case of fields that store files, the file's contents will be used as the value. | ||||||
|  |  | ||||||
|  | Within an item, if both a field storing a file and a field of another type have the same name, the file field will be ignored and the other field will take precedence. | ||||||
|  |  | ||||||
|  | Deleting the Deployment that you've created will automatically delete the created Kubernetes Secret only if the deployment is still annotated with `operator.1password.io/item-path` and `operator.1password.io/item-name` and no other deployment is using the secret. | ||||||
|  |  | ||||||
|  | If a 1Password Item that is linked to a Kubernetes Secret is updated within the POLLING_INTERVAL the associated Kubernetes Secret will be updated. However, if you do not want a specific secret to be updated you can add the tag `operator.1password.io:ignore-secret` to the item stored in 1Password. While this tag is in place, any updates made to an item will not trigger an update to the associated secret in Kubernetes. | ||||||
|  |  | ||||||
|  |  | ||||||
|  | If multiple 1Password vaults/items have the same `title` when using a title in the access path, the desired action will be performed on the oldest vault/item. | ||||||
|  |  | ||||||
|  | Titles and field names that include white space and other characters that are not a valid [DNS subdomain name](https://kubernetes.io/docs/concepts/configuration/secret/) will create Kubernetes secrets that have titles and fields in the following format: | ||||||
|  |  | ||||||
|  | - Invalid characters before the first alphanumeric character and after the last alphanumeric character will be removed | ||||||
|  | - All whitespaces between words will be replaced by `-` | ||||||
|  | - All the letters will be lower-cased. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Configuring Automatic Rolling Restarts of Deployments | ||||||
|  |  | ||||||
|  | If a 1Password Item that is linked to a Kubernetes Secret is updated, any deployments configured to `auto-restart` AND are using that secret will be given a rolling restart the next time 1Password Connect is polled for updates. | ||||||
|  |  | ||||||
|  | There are many levels of granularity on which to configure auto restarts on deployments: | ||||||
|  | - Operator level | ||||||
|  | - Per-namespace | ||||||
|  | - Per-deployment | ||||||
|  |  | ||||||
|  | **Operator Level**: This method allows for managing auto restarts on all deployments within the namespaces watched by operator. Auto restarts can be enabled by setting the environment variable `AUTO_RESTART` to true. If the value is not set, the operator will default this value to false. | ||||||
|  |  | ||||||
|  | **Per Namespace**: This method allows for managing auto restarts on all deployments within a namespace. Auto restarts can by managed by setting the annotation `operator.1password.io/auto-restart` to either `true` or `false` on the desired namespace. An example of this is shown below: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | # enabled auto restarts for all deployments within a namespace unless overwritten within a deployment | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Namespace | ||||||
|  | metadata: | ||||||
|  |   name: "example-namespace" | ||||||
|  |   annotations: | ||||||
|  |     operator.1password.io/auto-restart: "true" | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | If the value is not set, the auto restart settings on the operator will be used. This value can be overwritten by deployment. | ||||||
|  |  | ||||||
|  | **Per Deployment** | ||||||
|  | This method allows for managing auto restarts on a given deployment. Auto restarts can by managed by setting the annotation `operator.1password.io/auto-restart` to either `true` or `false` on the desired deployment. An example of this is shown below: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | # enabled auto restarts for the deployment | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Deployment | ||||||
|  | metadata: | ||||||
|  |   name: "example-deployment" | ||||||
|  |   annotations: | ||||||
|  |     operator.1password.io/auto-restart: "true" | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | If the value is not set, the auto restart settings on the namespace will be used. | ||||||
|  |  | ||||||
|  | **Per OnePasswordItem Custom Resource** | ||||||
|  | This method allows for managing auto restarts on a given OnePasswordItem custom resource. Auto restarts can by managed by setting the annotation `operator.1password.io/auto_restart` to either `true` or `false` on the desired OnePasswordItem. An example of this is shown below: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | # enabled auto restarts for the OnePasswordItem | ||||||
|  | apiVersion: onepassword.com/v1 | ||||||
|  | kind: OnePasswordItem | ||||||
|  | metadata: | ||||||
|  |   name: example | ||||||
|  |   annotations: | ||||||
|  |     operator.1password.io/auto-restart: "true" | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | If the value is not set, the auto restart settings on the deployment will be used. | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | ## Development | ||||||
|  |  | ||||||
|  | ### How it works | ||||||
|  |  | ||||||
|  | This project aims to follow the Kubernetes [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) | ||||||
|  |  | ||||||
|  | It uses [Controllers](https://kubernetes.io/docs/concepts/architecture/controller/) | ||||||
|  | which provides a reconcile function responsible for synchronizing resources until the desired state is reached on the cluster | ||||||
|  |  | ||||||
|  | ### Test It Out | ||||||
|  |  | ||||||
|  | 1. Install the CRDs into the cluster: | ||||||
|  |  | ||||||
|  | ```sh | ||||||
|  | make install | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | 2. Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running): | ||||||
|  |  | ||||||
|  | ```sh | ||||||
|  | make run | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **NOTE:** You can also run this in one step by running: `make install run` | ||||||
|  |  | ||||||
|  | ### Modifying the API definitions | ||||||
|  |  | ||||||
|  | If you are editing the API definitions, generate the manifests such as CRs or CRDs using: | ||||||
|  |  | ||||||
|  | ```sh | ||||||
|  | make manifests | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | **NOTE:** Run `make --help` for more information on all potential `make` targets | ||||||
|  |  | ||||||
|  | More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html) | ||||||
| @@ -1,7 +1,7 @@ | |||||||
| /* | /* | ||||||
| MIT License | MIT License | ||||||
|  |  | ||||||
| Copyright (c) 2020-2022 1Password | Copyright (c) 2020-2024 1Password | ||||||
|  |  | ||||||
| Permission is hereby granted, free of charge, to any person obtaining a copy | Permission is hereby granted, free of charge, to any person obtaining a copy | ||||||
| of this software and associated documentation files (the "Software"), to deal | of this software and associated documentation files (the "Software"), to deal | ||||||
|   | |||||||
| @@ -1,7 +1,7 @@ | |||||||
| /* | /* | ||||||
| MIT License | MIT License | ||||||
|  |  | ||||||
| Copyright (c) 2020-2022 1Password | Copyright (c) 2020-2024 1Password | ||||||
|  |  | ||||||
| Permission is hereby granted, free of charge, to any person obtaining a copy | Permission is hereby granted, free of charge, to any person obtaining a copy | ||||||
| of this software and associated documentation files (the "Software"), to deal | of this software and associated documentation files (the "Software"), to deal | ||||||
|   | |||||||
| @@ -1,10 +1,9 @@ | |||||||
| //go:build !ignore_autogenerated | //go:build !ignore_autogenerated | ||||||
| // +build !ignore_autogenerated |  | ||||||
|  |  | ||||||
| /* | /* | ||||||
| MIT License | MIT License | ||||||
|  |  | ||||||
| Copyright (c) 2020-2022 1Password | Copyright (c) 2020-2024 1Password | ||||||
|  |  | ||||||
| Permission is hereby granted, free of charge, to any person obtaining a copy | Permission is hereby granted, free of charge, to any person obtaining a copy | ||||||
| of this software and associated documentation files (the "Software"), to deal | of this software and associated documentation files (the "Software"), to deal | ||||||
|   | |||||||
| @@ -1,7 +1,7 @@ | |||||||
| /* | /* | ||||||
| MIT License | MIT License | ||||||
| 
 | 
 | ||||||
| Copyright (c) 2020-2022 1Password | Copyright (c) 2020-2024 1Password | ||||||
| 
 | 
 | ||||||
| Permission is hereby granted, free of charge, to any person obtaining a copy | Permission is hereby granted, free of charge, to any person obtaining a copy | ||||||
| of this software and associated documentation files (the "Software"), to deal | of this software and associated documentation files (the "Software"), to deal | ||||||
| @@ -25,6 +25,7 @@ SOFTWARE. | |||||||
| package main | package main | ||||||
| 
 | 
 | ||||||
| import ( | import ( | ||||||
|  | 	"context" | ||||||
| 	"errors" | 	"errors" | ||||||
| 	"flag" | 	"flag" | ||||||
| 	"fmt" | 	"fmt" | ||||||
| @@ -35,8 +36,6 @@ import ( | |||||||
| 	"strings" | 	"strings" | ||||||
| 	"time" | 	"time" | ||||||
| 
 | 
 | ||||||
| 	"github.com/1Password/connect-sdk-go/connect" |  | ||||||
| 
 |  | ||||||
| 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) | 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) | ||||||
| 	// to ensure that exec-entrypoint and run can make use of them. | 	// to ensure that exec-entrypoint and run can make use of them. | ||||||
| 	_ "k8s.io/client-go/plugin/pkg/client/auth" | 	_ "k8s.io/client-go/plugin/pkg/client/auth" | ||||||
| @@ -44,14 +43,17 @@ import ( | |||||||
| 	k8sruntime "k8s.io/apimachinery/pkg/runtime" | 	k8sruntime "k8s.io/apimachinery/pkg/runtime" | ||||||
| 	utilruntime "k8s.io/apimachinery/pkg/util/runtime" | 	utilruntime "k8s.io/apimachinery/pkg/util/runtime" | ||||||
| 	clientgoscheme "k8s.io/client-go/kubernetes/scheme" | 	clientgoscheme "k8s.io/client-go/kubernetes/scheme" | ||||||
|  | 	"k8s.io/client-go/rest" | ||||||
| 	ctrl "sigs.k8s.io/controller-runtime" | 	ctrl "sigs.k8s.io/controller-runtime" | ||||||
| 	"sigs.k8s.io/controller-runtime/pkg/cache" | 	"sigs.k8s.io/controller-runtime/pkg/cache" | ||||||
| 	"sigs.k8s.io/controller-runtime/pkg/healthz" | 	"sigs.k8s.io/controller-runtime/pkg/healthz" | ||||||
| 	"sigs.k8s.io/controller-runtime/pkg/log/zap" | 	"sigs.k8s.io/controller-runtime/pkg/log/zap" | ||||||
|  | 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" | ||||||
| 
 | 
 | ||||||
| 	onepasswordcomv1 "github.com/1Password/onepassword-operator/api/v1" | 	onepasswordcomv1 "github.com/1Password/onepassword-operator/api/v1" | ||||||
| 	"github.com/1Password/onepassword-operator/controllers" | 	"github.com/1Password/onepassword-operator/internal/controller" | ||||||
| 	op "github.com/1Password/onepassword-operator/pkg/onepassword" | 	op "github.com/1Password/onepassword-operator/pkg/onepassword" | ||||||
|  | 	opclient "github.com/1Password/onepassword-operator/pkg/onepassword/client" | ||||||
| 	"github.com/1Password/onepassword-operator/pkg/utils" | 	"github.com/1Password/onepassword-operator/pkg/utils" | ||||||
| 	"github.com/1Password/onepassword-operator/version" | 	"github.com/1Password/onepassword-operator/version" | ||||||
| 	//+kubebuilder:scaffold:imports | 	//+kubebuilder:scaffold:imports | ||||||
| @@ -111,6 +113,9 @@ func main() { | |||||||
| 
 | 
 | ||||||
| 	printVersion() | 	printVersion() | ||||||
| 
 | 
 | ||||||
|  | 	// Create a root context that will be cancelled on termination signals | ||||||
|  | 	ctx := ctrl.SetupSignalHandler() | ||||||
|  | 
 | ||||||
| 	watchNamespace, err := getWatchNamespace() | 	watchNamespace, err := getWatchNamespace() | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		setupLog.Error(err, "unable to get WatchNamespace, "+ | 		setupLog.Error(err, "unable to get WatchNamespace, "+ | ||||||
| @@ -125,20 +130,23 @@ func main() { | |||||||
| 
 | 
 | ||||||
| 	options := ctrl.Options{ | 	options := ctrl.Options{ | ||||||
| 		Scheme:                 scheme, | 		Scheme:                 scheme, | ||||||
| 		Namespace:              watchNamespace, | 		Metrics:                metricsserver.Options{BindAddress: metricsAddr}, | ||||||
| 		MetricsBindAddress:     metricsAddr, |  | ||||||
| 		Port:                   9443, |  | ||||||
| 		HealthProbeBindAddress: probeAddr, | 		HealthProbeBindAddress: probeAddr, | ||||||
| 		LeaderElection:         enableLeaderElection, | 		LeaderElection:         enableLeaderElection, | ||||||
| 		LeaderElectionID:       "c26807fd.onepassword.com", | 		LeaderElectionID:       "c26807fd.onepassword.com", | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	// Add support for MultiNamespace set in WATCH_NAMESPACE (e.g ns1,ns2) | 	// Add support for MultiNamespace set in WATCH_NAMESPACE (e.g ns1,ns2) | ||||||
| 	if strings.Contains(watchNamespace, ",") { | 	if watchNamespace != "" { | ||||||
| 		setupLog.Info("manager set up with multiple namespaces", "namespaces", watchNamespace) | 		namespaces := strings.Split(watchNamespace, ",") | ||||||
| 		// configure cluster-scoped with MultiNamespacedCacheBuilder | 		namespaceMap := make(map[string]cache.Config) | ||||||
| 		options.Namespace = "" | 		for _, namespace := range namespaces { | ||||||
| 		options.NewCache = cache.MultiNamespacedCacheBuilder(strings.Split(watchNamespace, ",")) | 			namespaceMap[namespace] = cache.Config{} | ||||||
|  | 		} | ||||||
|  | 		options.NewCache = func(config *rest.Config, opts cache.Options) (cache.Cache, error) { | ||||||
|  | 			opts.DefaultNamespaces = namespaceMap | ||||||
|  | 			return cache.New(config, opts) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), options) | 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), options) | ||||||
| @@ -148,26 +156,29 @@ func main() { | |||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	// Setup One Password Client | 	// Setup One Password Client | ||||||
| 	opConnectClient, err := connect.NewClientFromEnvironment() | 	opClient, err := opclient.NewFromEnvironment(ctx, opclient.Config{ | ||||||
|  | 		Logger:  setupLog, | ||||||
|  | 		Version: version.OperatorVersion, | ||||||
|  | 	}) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		setupLog.Error(err, "unable to create Connect client") | 		setupLog.Error(err, "unable to create 1Password client") | ||||||
| 		os.Exit(1) | 		os.Exit(1) | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	if err = (&controllers.OnePasswordItemReconciler{ | 	if err = (&controller.OnePasswordItemReconciler{ | ||||||
| 		Client:          mgr.GetClient(), | 		Client:   mgr.GetClient(), | ||||||
| 		Scheme:          mgr.GetScheme(), | 		Scheme:   mgr.GetScheme(), | ||||||
| 		OpConnectClient: opConnectClient, | 		OpClient: opClient, | ||||||
| 	}).SetupWithManager(mgr); err != nil { | 	}).SetupWithManager(mgr); err != nil { | ||||||
| 		setupLog.Error(err, "unable to create controller", "controller", "OnePasswordItem") | 		setupLog.Error(err, "unable to create controller", "controller", "OnePasswordItem") | ||||||
| 		os.Exit(1) | 		os.Exit(1) | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	r, _ := regexp.Compile(annotationRegExpString) | 	r, _ := regexp.Compile(annotationRegExpString) | ||||||
| 	if err = (&controllers.DeploymentReconciler{ | 	if err = (&controller.DeploymentReconciler{ | ||||||
| 		Client:             mgr.GetClient(), | 		Client:             mgr.GetClient(), | ||||||
| 		Scheme:             mgr.GetScheme(), | 		Scheme:             mgr.GetScheme(), | ||||||
| 		OpConnectClient:    opConnectClient, | 		OpClient:           opClient, | ||||||
| 		OpAnnotationRegExp: r, | 		OpAnnotationRegExp: r, | ||||||
| 	}).SetupWithManager(mgr); err != nil { | 	}).SetupWithManager(mgr); err != nil { | ||||||
| 		setupLog.Error(err, "unable to create controller", "controller", "Deployment") | 		setupLog.Error(err, "unable to create controller", "controller", "Deployment") | ||||||
| @@ -178,10 +189,10 @@ func main() { | |||||||
| 	//Setup 1PasswordConnect | 	//Setup 1PasswordConnect | ||||||
| 	if shouldManageConnect() { | 	if shouldManageConnect() { | ||||||
| 		setupLog.Info("Automated Connect Management Enabled") | 		setupLog.Info("Automated Connect Management Enabled") | ||||||
| 		go func() { | 		go func(ctx context.Context) { | ||||||
| 			connectStarted := false | 			connectStarted := false | ||||||
| 			for connectStarted == false { | 			for connectStarted == false { | ||||||
| 				err := op.SetupConnect(mgr.GetClient(), deploymentNamespace) | 				err := op.SetupConnect(ctx, mgr.GetClient(), deploymentNamespace) | ||||||
| 				// Cache Not Started is an acceptable error. Retry until cache is started. | 				// Cache Not Started is an acceptable error. Retry until cache is started. | ||||||
| 				if err != nil && !errors.Is(err, &cache.ErrCacheNotStarted{}) { | 				if err != nil && !errors.Is(err, &cache.ErrCacheNotStarted{}) { | ||||||
| 					setupLog.Error(err, "") | 					setupLog.Error(err, "") | ||||||
| @@ -191,29 +202,29 @@ func main() { | |||||||
| 					connectStarted = true | 					connectStarted = true | ||||||
| 				} | 				} | ||||||
| 			} | 			} | ||||||
| 		}() | 		}(ctx) | ||||||
| 	} else { | 	} else { | ||||||
| 		setupLog.Info("Automated Connect Management Disabled") | 		setupLog.Info("Automated Connect Management Disabled") | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	// Setup update secrets task | 	// Setup update secrets task | ||||||
| 	updatedSecretsPoller := op.NewManager(mgr.GetClient(), opConnectClient, shouldAutoRestartDeployments()) | 	updatedSecretsPoller := op.NewManager(mgr.GetClient(), opClient, shouldAutoRestartDeployments()) | ||||||
| 	done := make(chan bool) | 	done := make(chan bool) | ||||||
| 	ticker := time.NewTicker(getPollingIntervalForUpdatingSecrets()) | 	ticker := time.NewTicker(getPollingIntervalForUpdatingSecrets()) | ||||||
| 	go func() { | 	go func(ctx context.Context) { | ||||||
| 		for { | 		for { | ||||||
| 			select { | 			select { | ||||||
| 			case <-done: | 			case <-done: | ||||||
| 				ticker.Stop() | 				ticker.Stop() | ||||||
| 				return | 				return | ||||||
| 			case <-ticker.C: | 			case <-ticker.C: | ||||||
| 				err := updatedSecretsPoller.UpdateKubernetesSecretsTask() | 				err := updatedSecretsPoller.UpdateKubernetesSecretsTask(ctx) | ||||||
| 				if err != nil { | 				if err != nil { | ||||||
| 					setupLog.Error(err, "error running update kubernetes secret task") | 					setupLog.Error(err, "error running update kubernetes secret task") | ||||||
| 				} | 				} | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 	}() | 	}(ctx) | ||||||
| 
 | 
 | ||||||
| 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { | 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { | ||||||
| 		setupLog.Error(err, "unable to set up health check") | 		setupLog.Error(err, "unable to set up health check") | ||||||
| @@ -225,7 +236,7 @@ func main() { | |||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	setupLog.Info("starting manager") | 	setupLog.Info("starting manager") | ||||||
| 	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { | 	if err := mgr.Start(ctx); err != nil { | ||||||
| 		setupLog.Error(err, "problem running manager") | 		setupLog.Error(err, "problem running manager") | ||||||
| 		os.Exit(1) | 		os.Exit(1) | ||||||
| 	} | 	} | ||||||
| @@ -39,6 +39,7 @@ spec: | |||||||
|           resources: |           resources: | ||||||
|             limits: |             limits: | ||||||
|               memory: "128Mi" |               memory: "128Mi" | ||||||
|  |             requests: | ||||||
|               cpu: "0.2" |               cpu: "0.2" | ||||||
|           ports: |           ports: | ||||||
|             - containerPort: 8080 |             - containerPort: 8080 | ||||||
| @@ -58,6 +59,7 @@ spec: | |||||||
|           resources: |           resources: | ||||||
|             limits: |             limits: | ||||||
|               memory: "128Mi" |               memory: "128Mi" | ||||||
|  |             requests: | ||||||
|               cpu: "0.2" |               cpu: "0.2" | ||||||
|           ports: |           ports: | ||||||
|             - containerPort: 8081 |             - containerPort: 8081 | ||||||
|   | |||||||
| @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 | |||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
|   annotations: |   annotations: | ||||||
|     controller-gen.kubebuilder.io/version: v0.9.2 |     controller-gen.kubebuilder.io/version: v0.14.0 | ||||||
|   creationTimestamp: null |  | ||||||
|   name: onepassworditems.onepassword.com |   name: onepassworditems.onepassword.com | ||||||
| spec: | spec: | ||||||
|   group: onepassword.com |   group: onepassword.com | ||||||
| @@ -21,14 +20,19 @@ spec: | |||||||
|         description: OnePasswordItem is the Schema for the onepassworditems API |         description: OnePasswordItem is the Schema for the onepassworditems API | ||||||
|         properties: |         properties: | ||||||
|           apiVersion: |           apiVersion: | ||||||
|             description: 'APIVersion defines the versioned schema of this representation |             description: |- | ||||||
|               of an object. Servers should convert recognized schemas to the latest |               APIVersion defines the versioned schema of this representation of an object. | ||||||
|               internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |               Servers should convert recognized schemas to the latest internal value, and | ||||||
|  |               may reject unrecognized values. | ||||||
|  |               More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | ||||||
|             type: string |             type: string | ||||||
|           kind: |           kind: | ||||||
|             description: 'Kind is a string value representing the REST resource this |             description: |- | ||||||
|               object represents. Servers may infer this from the endpoint the client |               Kind is a string value representing the REST resource this object represents. | ||||||
|               submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |               Servers may infer this from the endpoint the client submits requests to. | ||||||
|  |               Cannot be updated. | ||||||
|  |               In CamelCase. | ||||||
|  |               More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | ||||||
|             type: string |             type: string | ||||||
|           metadata: |           metadata: | ||||||
|             type: object |             type: object | ||||||
|   | |||||||
| @@ -5,17 +5,19 @@ resources: | |||||||
| - bases/onepassword.com_onepassworditems.yaml | - bases/onepassword.com_onepassworditems.yaml | ||||||
| #+kubebuilder:scaffold:crdkustomizeresource | #+kubebuilder:scaffold:crdkustomizeresource | ||||||
|  |  | ||||||
| patchesStrategicMerge: | patches: | ||||||
| # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. | ||||||
| # patches here are for enabling the conversion webhook for each CRD | # patches here are for enabling the conversion webhook for each CRD | ||||||
| #- patches/webhook_in_onepassworditems.yaml | #- path: patches/webhook_in_onepassworditems.yaml | ||||||
| #+kubebuilder:scaffold:crdkustomizewebhookpatch | #+kubebuilder:scaffold:crdkustomizewebhookpatch | ||||||
|  |  | ||||||
| # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. | # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. | ||||||
| # patches here are for enabling the CA injection for each CRD | # patches here are for enabling the CA injection for each CRD | ||||||
| #- patches/cainjection_in_onepassworditems.yaml | #- path: patches/cainjection_in_onepassworditems.yaml | ||||||
| #+kubebuilder:scaffold:crdkustomizecainjectionpatch | #+kubebuilder:scaffold:crdkustomizecainjectionpatch | ||||||
|  |  | ||||||
|  | # [WEBHOOK] To enable webhook, uncomment the following section | ||||||
| # the following config is for teaching kustomize how to do kustomization for CRDs. | # the following config is for teaching kustomize how to do kustomization for CRDs. | ||||||
| configurations: |  | ||||||
| - kustomizeconfig.yaml | #configurations: | ||||||
|  | #- kustomizeconfig.yaml | ||||||
|   | |||||||
| @@ -1,3 +1,6 @@ | |||||||
|  | # Adds namespace to all resources. | ||||||
|  | # namespace: onepassword-connect-operator | ||||||
|  |  | ||||||
| # Value of this field is prepended to the | # Value of this field is prepended to the | ||||||
| # names of all resources, e.g. a deployment named | # names of all resources, e.g. a deployment named | ||||||
| # "wordpress" becomes "alices-wordpress". | # "wordpress" becomes "alices-wordpress". | ||||||
| @@ -23,24 +26,20 @@ resources: | |||||||
| # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. | # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. | ||||||
| #- ../prometheus | #- ../prometheus | ||||||
|  |  | ||||||
| patchesStrategicMerge: | patches: | ||||||
| # Protect the /metrics endpoint by putting it behind auth. | # Protect the /metrics endpoint by putting it behind auth. | ||||||
| # If you want your controller-manager to expose the /metrics | # If you want your controller-manager to expose the /metrics | ||||||
| # endpoint w/o any authn/z, please comment the following line. | # endpoint w/o any authn/z, please comment the following line. | ||||||
| - manager_auth_proxy_patch.yaml | - path: manager_auth_proxy_patch.yaml | ||||||
|  |  | ||||||
| # Mount the controller config file for loading manager configurations |  | ||||||
| # through a ComponentConfig type |  | ||||||
| #- manager_config_patch.yaml |  | ||||||
|  |  | ||||||
| # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in | ||||||
| # crd/kustomization.yaml | # crd/kustomization.yaml | ||||||
| #- manager_webhook_patch.yaml | #- path: manager_webhook_patch.yaml | ||||||
|  |  | ||||||
| # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. | # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. | ||||||
| # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. | # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. | ||||||
| # 'CERTMANAGER' needs to be enabled to use ca injection | # 'CERTMANAGER' needs to be enabled to use ca injection | ||||||
| #- webhookcainjection_patch.yaml | #- path: webhookcainjection_patch.yaml | ||||||
|  |  | ||||||
| # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. | # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. | ||||||
| # Uncomment the following replacements to add the cert-manager CA injection annotations | # Uncomment the following replacements to add the cert-manager CA injection annotations | ||||||
|   | |||||||
| @@ -17,7 +17,7 @@ spec: | |||||||
|           capabilities: |           capabilities: | ||||||
|             drop: |             drop: | ||||||
|               - "ALL" |               - "ALL" | ||||||
|         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 |         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 | ||||||
|         args: |         args: | ||||||
|         - "--secure-listen-address=0.0.0.0:8443" |         - "--secure-listen-address=0.0.0.0:8443" | ||||||
|         - "--upstream=http://127.0.0.1:8080/" |         - "--upstream=http://127.0.0.1:8080/" | ||||||
|   | |||||||
| @@ -6,17 +6,5 @@ metadata: | |||||||
| spec: | spec: | ||||||
|   template: |   template: | ||||||
|     spec: |     spec: | ||||||
|       securityContext: |  | ||||||
|         runAsNonRoot: true |  | ||||||
|       containers: |       containers: | ||||||
|       - name: manager |       - name: manager | ||||||
|         args: |  | ||||||
|         - "--config=controller_manager_config.yaml" |  | ||||||
|         volumeMounts: |  | ||||||
|         - name: manager-config |  | ||||||
|           mountPath: /controller_manager_config.yaml |  | ||||||
|           subPath: controller_manager_config.yaml |  | ||||||
|       volumes: |  | ||||||
|       - name: manager-config |  | ||||||
|         configMap: |  | ||||||
|           name: manager-config |  | ||||||
|   | |||||||
| @@ -1,21 +0,0 @@ | |||||||
| apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 |  | ||||||
| kind: ControllerManagerConfig |  | ||||||
| health: |  | ||||||
|   healthProbeBindAddress: :8081 |  | ||||||
| metrics: |  | ||||||
|   bindAddress: 127.0.0.1:8080 |  | ||||||
| webhook: |  | ||||||
|   port: 9443 |  | ||||||
| leaderElection: |  | ||||||
|   leaderElect: true |  | ||||||
|   resourceName: c26807fd.onepassword.com |  | ||||||
| # leaderElectionReleaseOnCancel defines if the leader should step down volume |  | ||||||
| # when the Manager ends. This requires the binary to immediately end when the |  | ||||||
| # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly |  | ||||||
| # speeds up voluntary leader transitions as the new leader don't have to wait |  | ||||||
| # LeaseDuration time first. |  | ||||||
| # In the default scaffold provided, the program ends immediately after |  | ||||||
| # the manager stops, so would be fine to enable this option. However, |  | ||||||
| # if you are doing or is intended to do any operation such as perform cleanups |  | ||||||
| # after the manager stops then its usage might be unsafe. |  | ||||||
| # leaderElectionReleaseOnCancel: true |  | ||||||
| @@ -1,10 +1,8 @@ | |||||||
| resources: | resources: | ||||||
| - manager.yaml | - manager.yaml | ||||||
|  | apiVersion: kustomize.config.k8s.io/v1beta1 | ||||||
| generatorOptions: | kind: Kustomization | ||||||
|   disableNameSuffixHash: true | images: | ||||||
|  | - name: controller | ||||||
| configMapGenerator: |   newName: 1password/onepassword-operator | ||||||
| - name: manager-config |   newTag: latest | ||||||
|   files: |  | ||||||
|   - controller_manager_config.yaml |  | ||||||
|   | |||||||
| @@ -1,14 +1,34 @@ | |||||||
|  | apiVersion: v1 | ||||||
|  | kind: Namespace | ||||||
|  | metadata: | ||||||
|  |   labels: | ||||||
|  |     control-plane: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/name: namespace | ||||||
|  |     app.kubernetes.io/instance: system | ||||||
|  |     app.kubernetes.io/component: manager | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|  |   name: system | ||||||
|  | --- | ||||||
| apiVersion: apps/v1 | apiVersion: apps/v1 | ||||||
| kind: Deployment | kind: Deployment | ||||||
| metadata: | metadata: | ||||||
|   name: onepassword-connect-operator |   name: onepassword-connect-operator | ||||||
|   namespace: system |   namespace: system | ||||||
|   labels: |   labels: | ||||||
|     name: onepassword-connect-operator |     control-plane: controller-manager | ||||||
|  |     app.kubernetes.io/name: deployment | ||||||
|  |     app.kubernetes.io/instance: controller-manager | ||||||
|  |     app.kubernetes.io/component: manager | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
| spec: | spec: | ||||||
|   selector: |   selector: | ||||||
|     matchLabels: |     matchLabels: | ||||||
|       name: onepassword-connect-operator |       name: onepassword-connect-operator | ||||||
|  |       control-plane: onepassword-connect-operator | ||||||
|   replicas: 1 |   replicas: 1 | ||||||
|   template: |   template: | ||||||
|     metadata: |     metadata: | ||||||
| @@ -16,7 +36,28 @@ spec: | |||||||
|         kubectl.kubernetes.io/default-container: manager |         kubectl.kubernetes.io/default-container: manager | ||||||
|       labels: |       labels: | ||||||
|         name: onepassword-connect-operator |         name: onepassword-connect-operator | ||||||
|  |         control-plane: onepassword-connect-operator | ||||||
|     spec: |     spec: | ||||||
|  |       # TODO(user): Uncomment the following code to configure the nodeAffinity expression | ||||||
|  |       # according to the platforms which are supported by your solution. | ||||||
|  |       # It is considered best practice to support multiple architectures. You can | ||||||
|  |       # build your manager image using the makefile target docker-buildx. | ||||||
|  |       # affinity: | ||||||
|  |       #   nodeAffinity: | ||||||
|  |       #     requiredDuringSchedulingIgnoredDuringExecution: | ||||||
|  |       #       nodeSelectorTerms: | ||||||
|  |       #         - matchExpressions: | ||||||
|  |       #           - key: kubernetes.io/arch | ||||||
|  |       #             operator: In | ||||||
|  |       #             values: | ||||||
|  |       #               - amd64 | ||||||
|  |       #               - arm64 | ||||||
|  |       #               - ppc64le | ||||||
|  |       #               - s390x | ||||||
|  |       #           - key: kubernetes.io/os | ||||||
|  |       #             operator: In | ||||||
|  |       #             values: | ||||||
|  |       #               - linux | ||||||
|       securityContext: |       securityContext: | ||||||
|         runAsNonRoot: true |         runAsNonRoot: true | ||||||
|         # TODO(user): For common cases that do not require escalating privileges |         # TODO(user): For common cases that do not require escalating privileges | ||||||
| @@ -34,25 +75,33 @@ spec: | |||||||
|         image: 1password/onepassword-operator:latest |         image: 1password/onepassword-operator:latest | ||||||
|         name: manager |         name: manager | ||||||
|         env: |         env: | ||||||
|           - name: WATCH_NAMESPACE |           - name: OPERATOR_NAME | ||||||
|             value: "default" |             value: "onepassword-connect-operator" | ||||||
|           - name: POD_NAME |           - name: POD_NAME | ||||||
|             valueFrom: |             valueFrom: | ||||||
|               fieldRef: |               fieldRef: | ||||||
|                 fieldPath: metadata.name |                 fieldPath: metadata.name | ||||||
|           - name: OPERATOR_NAME |           - name: WATCH_NAMESPACE | ||||||
|             value: "onepassword-connect-operator" |             value: "default" | ||||||
|           - name: OP_CONNECT_HOST |  | ||||||
|             value: "http://onepassword-connect:8080" |  | ||||||
|           - name: POLLING_INTERVAL |           - name: POLLING_INTERVAL | ||||||
|             value: "10" |             value: "10" | ||||||
|  |           - name: AUTO_RESTART | ||||||
|  |             value: "false" | ||||||
|  |           - name: OP_CONNECT_HOST | ||||||
|  |             value: "http://onepassword-connect:8080" | ||||||
|           - name: OP_CONNECT_TOKEN |           - name: OP_CONNECT_TOKEN | ||||||
|             valueFrom: |             valueFrom: | ||||||
|               secretKeyRef: |               secretKeyRef: | ||||||
|                 name: onepassword-token |                 name: onepassword-token | ||||||
|                 key: token |                 key: token | ||||||
|           - name: AUTO_RESTART |           - name: MANAGE_CONNECT | ||||||
|             value: "false" |             value: "false" | ||||||
|  | #            Uncomment the following lines to enable service account token and comment out the OP_CONNECT_TOKEN, OP_CONNECT_HOST and MANAGE_CONNECT env vars. | ||||||
|  | #          - name: OP_SERVICE_ACCOUNT_TOKEN | ||||||
|  | #            valueFrom: | ||||||
|  | #              secretKeyRef: | ||||||
|  | #                name: onepassword-service-account-token | ||||||
|  | #                key: token | ||||||
|         securityContext: |         securityContext: | ||||||
|           allowPrivilegeEscalation: false |           allowPrivilegeEscalation: false | ||||||
|           capabilities: |           capabilities: | ||||||
| @@ -75,9 +124,9 @@ spec: | |||||||
|         resources: |         resources: | ||||||
|           limits: |           limits: | ||||||
|             cpu: 500m |             cpu: 500m | ||||||
|             memory: 128Mi |             memory: 512Mi | ||||||
|           requests: |           requests: | ||||||
|             cpu: 10m |             cpu: 100m | ||||||
|             memory: 64Mi |             memory: 128Mi | ||||||
|       serviceAccountName: onepassword-connect-operator |       serviceAccountName: onepassword-connect-operator | ||||||
|       terminationGracePeriodSeconds: 10 |       terminationGracePeriodSeconds: 10 | ||||||
|   | |||||||
| @@ -1,10 +1,16 @@ | |||||||
|  |  | ||||||
| # Prometheus Monitor Service (Metrics) | # Prometheus Monitor Service (Metrics) | ||||||
| apiVersion: monitoring.coreos.com/v1 | apiVersion: monitoring.coreos.com/v1 | ||||||
| kind: ServiceMonitor | kind: ServiceMonitor | ||||||
| metadata: | metadata: | ||||||
|   labels: |   labels: | ||||||
|     name: onepassword-connect-operator |     name: onepassword-connect-operator | ||||||
|  |     control-plane: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/name: servicemonitor | ||||||
|  |     app.kubernetes.io/instance: controller-manager-metrics-monitor | ||||||
|  |     app.kubernetes.io/component: metrics | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|   name: onepassword-connect-operator-metrics-monitor |   name: onepassword-connect-operator-metrics-monitor | ||||||
|   namespace: system |   namespace: system | ||||||
| spec: | spec: | ||||||
| @@ -18,3 +24,4 @@ spec: | |||||||
|   selector: |   selector: | ||||||
|     matchLabels: |     matchLabels: | ||||||
|       name: onepassword-connect-operator |       name: onepassword-connect-operator | ||||||
|  |       control-plane: onepassword-connect-operator | ||||||
|   | |||||||
| @@ -1,6 +1,13 @@ | |||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRole | kind: ClusterRole | ||||||
| metadata: | metadata: | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/name: clusterrole | ||||||
|  |     app.kubernetes.io/instance: metrics-reader | ||||||
|  |     app.kubernetes.io/component: kube-rbac-proxy | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|   name: metrics-reader |   name: metrics-reader | ||||||
| rules: | rules: | ||||||
| - nonResourceURLs: | - nonResourceURLs: | ||||||
|   | |||||||
| @@ -1,6 +1,13 @@ | |||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRole | kind: ClusterRole | ||||||
| metadata: | metadata: | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/name: clusterrole | ||||||
|  |     app.kubernetes.io/instance: proxy-role | ||||||
|  |     app.kubernetes.io/component: kube-rbac-proxy | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|   name: proxy-role |   name: proxy-role | ||||||
| rules: | rules: | ||||||
| - apiGroups: | - apiGroups: | ||||||
|   | |||||||
| @@ -1,6 +1,13 @@ | |||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRoleBinding | kind: ClusterRoleBinding | ||||||
| metadata: | metadata: | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/name: clusterrolebinding | ||||||
|  |     app.kubernetes.io/instance: proxy-rolebinding | ||||||
|  |     app.kubernetes.io/component: kube-rbac-proxy | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|   name: proxy-rolebinding |   name: proxy-rolebinding | ||||||
| roleRef: | roleRef: | ||||||
|   apiGroup: rbac.authorization.k8s.io |   apiGroup: rbac.authorization.k8s.io | ||||||
|   | |||||||
| @@ -3,6 +3,13 @@ kind: Service | |||||||
| metadata: | metadata: | ||||||
|   labels: |   labels: | ||||||
|     name: onepassword-connect-operator |     name: onepassword-connect-operator | ||||||
|  |     control-plane: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/name: service | ||||||
|  |     app.kubernetes.io/instance: controller-manager-metrics-service | ||||||
|  |     app.kubernetes.io/component: kube-rbac-proxy | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|   name: onepassword-connect-operator-metrics-service |   name: onepassword-connect-operator-metrics-service | ||||||
|   namespace: system |   namespace: system | ||||||
| spec: | spec: | ||||||
| @@ -13,3 +20,4 @@ spec: | |||||||
|     targetPort: https |     targetPort: https | ||||||
|   selector: |   selector: | ||||||
|     name: onepassword-connect-operator |     name: onepassword-connect-operator | ||||||
|  |     control-plane: onepassword-connect-operator | ||||||
|   | |||||||
| @@ -2,6 +2,13 @@ | |||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: Role | kind: Role | ||||||
| metadata: | metadata: | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/name: role | ||||||
|  |     app.kubernetes.io/instance: leader-election-role | ||||||
|  |     app.kubernetes.io/component: rbac | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|   name: leader-election-role |   name: leader-election-role | ||||||
| rules: | rules: | ||||||
| - apiGroups: | - apiGroups: | ||||||
|   | |||||||
| @@ -1,6 +1,13 @@ | |||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: RoleBinding | kind: RoleBinding | ||||||
| metadata: | metadata: | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/name: rolebinding | ||||||
|  |     app.kubernetes.io/instance: leader-election-rolebinding | ||||||
|  |     app.kubernetes.io/component: rbac | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|   name: leader-election-rolebinding |   name: leader-election-rolebinding | ||||||
| roleRef: | roleRef: | ||||||
|   apiGroup: rbac.authorization.k8s.io |   apiGroup: rbac.authorization.k8s.io | ||||||
|   | |||||||
| @@ -2,6 +2,13 @@ | |||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRole | kind: ClusterRole | ||||||
| metadata: | metadata: | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/name: clusterrole | ||||||
|  |     app.kubernetes.io/instance: onepassworditem-editor-role | ||||||
|  |     app.kubernetes.io/component: rbac | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|   name: onepassworditem-editor-role |   name: onepassworditem-editor-role | ||||||
| rules: | rules: | ||||||
| - apiGroups: | - apiGroups: | ||||||
|   | |||||||
| @@ -2,6 +2,13 @@ | |||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRole | kind: ClusterRole | ||||||
| metadata: | metadata: | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/name: clusterrole | ||||||
|  |     app.kubernetes.io/instance: onepassworditem-viewer-role | ||||||
|  |     app.kubernetes.io/component: rbac | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|   name: onepassworditem-viewer-role |   name: onepassworditem-viewer-role | ||||||
| rules: | rules: | ||||||
| - apiGroups: | - apiGroups: | ||||||
|   | |||||||
| @@ -2,7 +2,6 @@ | |||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRole | kind: ClusterRole | ||||||
| metadata: | metadata: | ||||||
|   creationTimestamp: null |  | ||||||
|   name: manager-role |   name: manager-role | ||||||
| rules: | rules: | ||||||
| - apiGroups: | - apiGroups: | ||||||
| @@ -87,6 +86,15 @@ rules: | |||||||
|   - get |   - get | ||||||
|   - patch |   - patch | ||||||
|   - update |   - update | ||||||
|  | - apiGroups: | ||||||
|  |   - coordination.k8s.io | ||||||
|  |   resources: | ||||||
|  |   - leases | ||||||
|  |   verbs: | ||||||
|  |   - create | ||||||
|  |   - get | ||||||
|  |   - list | ||||||
|  |   - update | ||||||
| - apiGroups: | - apiGroups: | ||||||
|   - monitoring.coreos.com |   - monitoring.coreos.com | ||||||
|   resources: |   resources: | ||||||
|   | |||||||
| @@ -1,6 +1,13 @@ | |||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRoleBinding | kind: ClusterRoleBinding | ||||||
| metadata: | metadata: | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/name: clusterrolebinding | ||||||
|  |     app.kubernetes.io/instance: manager-rolebinding | ||||||
|  |     app.kubernetes.io/component: rbac | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|   name: manager-rolebinding |   name: manager-rolebinding | ||||||
| roleRef: | roleRef: | ||||||
|   apiGroup: rbac.authorization.k8s.io |   apiGroup: rbac.authorization.k8s.io | ||||||
|   | |||||||
| @@ -1,5 +1,12 @@ | |||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: ServiceAccount | kind: ServiceAccount | ||||||
| metadata: | metadata: | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/name: serviceaccount | ||||||
|  |     app.kubernetes.io/instance: controller-manager-sa | ||||||
|  |     app.kubernetes.io/component: rbac | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|   name: onepassword-connect-operator |   name: onepassword-connect-operator | ||||||
|   namespace: system |   namespace: system | ||||||
|   | |||||||
| @@ -1,6 +1,12 @@ | |||||||
| apiVersion: onepassword.com/v1 | apiVersion: onepassword.com/v1 | ||||||
| kind: OnePasswordItem | kind: OnePasswordItem | ||||||
| metadata: | metadata: | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/name: onepassworditem | ||||||
|  |     app.kubernetes.io/instance: onepassworditem-sample | ||||||
|  |     app.kubernetes.io/part-of: onepassword-connect-operator | ||||||
|  |     app.kubernetes.io/managed-by: kustomize | ||||||
|  |     app.kubernetes.io/created-by: onepassword-connect-operator | ||||||
|   name: onepassworditem-sample |   name: onepassworditem-sample | ||||||
| spec: | spec: | ||||||
|   itemPath: "vaults/<vault_id>/items/<item_id>" |   itemPath: "vaults/<vault_id>/items/<item_id>" | ||||||
|   | |||||||
| @@ -4,7 +4,7 @@ | |||||||
|     entrypoint: |     entrypoint: | ||||||
|     - scorecard-test |     - scorecard-test | ||||||
|     - basic-check-spec |     - basic-check-spec | ||||||
|     image: quay.io/operator-framework/scorecard-test:v1.23.0 |     image: quay.io/operator-framework/scorecard-test:v1.33.0 | ||||||
|     labels: |     labels: | ||||||
|       suite: basic |       suite: basic | ||||||
|       test: basic-check-spec-test |       test: basic-check-spec-test | ||||||
|   | |||||||
| @@ -4,7 +4,7 @@ | |||||||
|     entrypoint: |     entrypoint: | ||||||
|     - scorecard-test |     - scorecard-test | ||||||
|     - olm-bundle-validation |     - olm-bundle-validation | ||||||
|     image: quay.io/operator-framework/scorecard-test:v1.23.0 |     image: quay.io/operator-framework/scorecard-test:v1.33.0 | ||||||
|     labels: |     labels: | ||||||
|       suite: olm |       suite: olm | ||||||
|       test: olm-bundle-validation-test |       test: olm-bundle-validation-test | ||||||
| @@ -14,7 +14,7 @@ | |||||||
|     entrypoint: |     entrypoint: | ||||||
|     - scorecard-test |     - scorecard-test | ||||||
|     - olm-crds-have-validation |     - olm-crds-have-validation | ||||||
|     image: quay.io/operator-framework/scorecard-test:v1.23.0 |     image: quay.io/operator-framework/scorecard-test:v1.33.0 | ||||||
|     labels: |     labels: | ||||||
|       suite: olm |       suite: olm | ||||||
|       test: olm-crds-have-validation-test |       test: olm-crds-have-validation-test | ||||||
| @@ -24,7 +24,7 @@ | |||||||
|     entrypoint: |     entrypoint: | ||||||
|     - scorecard-test |     - scorecard-test | ||||||
|     - olm-crds-have-resources |     - olm-crds-have-resources | ||||||
|     image: quay.io/operator-framework/scorecard-test:v1.23.0 |     image: quay.io/operator-framework/scorecard-test:v1.33.0 | ||||||
|     labels: |     labels: | ||||||
|       suite: olm |       suite: olm | ||||||
|       test: olm-crds-have-resources-test |       test: olm-crds-have-resources-test | ||||||
| @@ -34,7 +34,7 @@ | |||||||
|     entrypoint: |     entrypoint: | ||||||
|     - scorecard-test |     - scorecard-test | ||||||
|     - olm-spec-descriptors |     - olm-spec-descriptors | ||||||
|     image: quay.io/operator-framework/scorecard-test:v1.23.0 |     image: quay.io/operator-framework/scorecard-test:v1.33.0 | ||||||
|     labels: |     labels: | ||||||
|       suite: olm |       suite: olm | ||||||
|       test: olm-spec-descriptors-test |       test: olm-spec-descriptors-test | ||||||
| @@ -44,7 +44,7 @@ | |||||||
|     entrypoint: |     entrypoint: | ||||||
|     - scorecard-test |     - scorecard-test | ||||||
|     - olm-status-descriptors |     - olm-status-descriptors | ||||||
|     image: quay.io/operator-framework/scorecard-test:v1.23.0 |     image: quay.io/operator-framework/scorecard-test:v1.33.0 | ||||||
|     labels: |     labels: | ||||||
|       suite: olm |       suite: olm | ||||||
|       test: olm-status-descriptors-test |       test: olm-status-descriptors-test | ||||||
|   | |||||||
							
								
								
									
										108
									
								
								go.mod
									
									
									
									
									
								
							
							
						
						
									
										108
									
								
								go.mod
									
									
									
									
									
								
							| @@ -1,81 +1,91 @@ | |||||||
| module github.com/1Password/onepassword-operator | module github.com/1Password/onepassword-operator | ||||||
|  |  | ||||||
| go 1.20 | go 1.24 | ||||||
|  |  | ||||||
|  | toolchain go1.24.4 | ||||||
|  |  | ||||||
| require ( | require ( | ||||||
| 	github.com/1Password/connect-sdk-go v1.5.1 | 	github.com/1Password/connect-sdk-go v1.5.3 | ||||||
| 	github.com/onsi/ginkgo/v2 v2.9.2 | 	github.com/1password/onepassword-sdk-go v0.3.1 | ||||||
| 	github.com/onsi/gomega v1.27.5 | 	github.com/go-logr/logr v1.4.2 | ||||||
| 	github.com/stretchr/testify v1.8.2 | 	github.com/onsi/ginkgo/v2 v2.14.0 | ||||||
| 	k8s.io/api v0.26.3 | 	github.com/onsi/gomega v1.30.0 | ||||||
| 	k8s.io/apimachinery v0.26.3 | 	github.com/stretchr/testify v1.10.0 | ||||||
| 	k8s.io/client-go v0.26.3 | 	k8s.io/api v0.29.3 | ||||||
| 	k8s.io/kubectl v0.26.3 | 	k8s.io/apimachinery v0.29.3 | ||||||
| 	sigs.k8s.io/controller-runtime v0.14.5 | 	k8s.io/client-go v0.29.3 | ||||||
|  | 	k8s.io/kubectl v0.29.0 | ||||||
|  | 	sigs.k8s.io/controller-runtime v0.17.2 | ||||||
| ) | ) | ||||||
|  |  | ||||||
| require ( | require ( | ||||||
| 	github.com/beorn7/perks v1.0.1 // indirect | 	github.com/beorn7/perks v1.0.1 // indirect | ||||||
| 	github.com/cespare/xxhash/v2 v2.2.0 // indirect | 	github.com/cespare/xxhash/v2 v2.2.0 // indirect | ||||||
| 	github.com/davecgh/go-spew v1.1.1 // indirect | 	github.com/davecgh/go-spew v1.1.1 // indirect | ||||||
| 	github.com/emicklei/go-restful/v3 v3.10.2 // indirect | 	github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a // indirect | ||||||
|  | 	github.com/emicklei/go-restful/v3 v3.12.0 // indirect | ||||||
| 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect | 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect | ||||||
| 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect | 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect | ||||||
| 	github.com/fsnotify/fsnotify v1.6.0 // indirect | 	github.com/extism/go-sdk v1.7.0 // indirect | ||||||
| 	github.com/go-logr/logr v1.2.3 // indirect | 	github.com/fsnotify/fsnotify v1.7.0 // indirect | ||||||
| 	github.com/go-logr/zapr v1.2.3 // indirect | 	github.com/go-logr/zapr v1.3.0 // indirect | ||||||
| 	github.com/go-openapi/jsonpointer v0.19.6 // indirect | 	github.com/go-openapi/jsonpointer v0.21.0 // indirect | ||||||
| 	github.com/go-openapi/jsonreference v0.20.2 // indirect | 	github.com/go-openapi/jsonreference v0.21.0 // indirect | ||||||
| 	github.com/go-openapi/swag v0.22.3 // indirect | 	github.com/go-openapi/swag v0.23.0 // indirect | ||||||
| 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect | 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect | ||||||
|  | 	github.com/gobwas/glob v0.2.3 // indirect | ||||||
| 	github.com/gogo/protobuf v1.3.2 // indirect | 	github.com/gogo/protobuf v1.3.2 // indirect | ||||||
| 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect | 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect | ||||||
| 	github.com/golang/protobuf v1.5.3 // indirect | 	github.com/golang/protobuf v1.5.4 // indirect | ||||||
| 	github.com/google/gnostic v0.6.9 // indirect | 	github.com/google/gnostic-models v0.6.8 // indirect | ||||||
| 	github.com/google/go-cmp v0.5.9 // indirect | 	github.com/google/go-cmp v0.6.0 // indirect | ||||||
| 	github.com/google/gofuzz v1.2.0 // indirect | 	github.com/google/gofuzz v1.2.0 // indirect | ||||||
| 	github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect | 	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect | ||||||
| 	github.com/google/uuid v1.3.0 // indirect | 	github.com/google/uuid v1.6.0 // indirect | ||||||
| 	github.com/imdario/mergo v0.3.15 // indirect | 	github.com/ianlancetaylor/demangle v0.0.0-20240805132620-81f5be970eca // indirect | ||||||
|  | 	github.com/imdario/mergo v0.3.16 // indirect | ||||||
| 	github.com/josharian/intern v1.0.0 // indirect | 	github.com/josharian/intern v1.0.0 // indirect | ||||||
| 	github.com/json-iterator/go v1.1.12 // indirect | 	github.com/json-iterator/go v1.1.12 // indirect | ||||||
| 	github.com/mailru/easyjson v0.7.7 // indirect | 	github.com/mailru/easyjson v0.7.7 // indirect | ||||||
| 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect |  | ||||||
| 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect | 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect | ||||||
| 	github.com/modern-go/reflect2 v1.0.2 // indirect | 	github.com/modern-go/reflect2 v1.0.2 // indirect | ||||||
| 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect | 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect | ||||||
| 	github.com/opentracing/opentracing-go v1.2.0 // indirect | 	github.com/opentracing/opentracing-go v1.2.0 // indirect | ||||||
| 	github.com/pkg/errors v0.9.1 // indirect | 	github.com/pkg/errors v0.9.1 // indirect | ||||||
| 	github.com/pmezard/go-difflib v1.0.0 // indirect | 	github.com/pmezard/go-difflib v1.0.0 // indirect | ||||||
| 	github.com/prometheus/client_golang v1.14.0 // indirect | 	github.com/prometheus/client_golang v1.19.0 // indirect | ||||||
| 	github.com/prometheus/client_model v0.3.0 // indirect | 	github.com/prometheus/client_model v0.6.0 // indirect | ||||||
| 	github.com/prometheus/common v0.42.0 // indirect | 	github.com/prometheus/common v0.51.1 // indirect | ||||||
| 	github.com/prometheus/procfs v0.9.0 // indirect | 	github.com/prometheus/procfs v0.13.0 // indirect | ||||||
| 	github.com/spf13/pflag v1.0.5 // indirect | 	github.com/spf13/pflag v1.0.5 // indirect | ||||||
|  | 	github.com/stretchr/objx v0.5.2 // indirect | ||||||
|  | 	github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834 // indirect | ||||||
|  | 	github.com/tetratelabs/wazero v1.9.0 // indirect | ||||||
| 	github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect | 	github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect | ||||||
| 	github.com/uber/jaeger-lib v2.4.1+incompatible // indirect | 	github.com/uber/jaeger-lib v2.4.1+incompatible // indirect | ||||||
| 	go.uber.org/atomic v1.10.0 // indirect | 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect | ||||||
| 	go.uber.org/multierr v1.10.0 // indirect | 	go.uber.org/atomic v1.11.0 // indirect | ||||||
| 	go.uber.org/zap v1.24.0 // indirect | 	go.uber.org/multierr v1.11.0 // indirect | ||||||
| 	golang.org/x/net v0.8.0 // indirect | 	go.uber.org/zap v1.27.0 // indirect | ||||||
| 	golang.org/x/oauth2 v0.6.0 // indirect | 	golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 // indirect | ||||||
| 	golang.org/x/sys v0.6.0 // indirect | 	golang.org/x/net v0.41.0 // indirect | ||||||
| 	golang.org/x/term v0.6.0 // indirect | 	golang.org/x/oauth2 v0.30.0 // indirect | ||||||
| 	golang.org/x/text v0.8.0 // indirect | 	golang.org/x/sys v0.33.0 // indirect | ||||||
| 	golang.org/x/time v0.3.0 // indirect | 	golang.org/x/term v0.32.0 // indirect | ||||||
| 	golang.org/x/tools v0.7.0 // indirect | 	golang.org/x/text v0.26.0 // indirect | ||||||
| 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect | 	golang.org/x/time v0.5.0 // indirect | ||||||
| 	google.golang.org/appengine v1.6.7 // indirect | 	golang.org/x/tools v0.33.0 // indirect | ||||||
| 	google.golang.org/protobuf v1.30.0 // indirect | 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect | ||||||
|  | 	google.golang.org/protobuf v1.34.2 // indirect | ||||||
| 	gopkg.in/inf.v0 v0.9.1 // indirect | 	gopkg.in/inf.v0 v0.9.1 // indirect | ||||||
| 	gopkg.in/yaml.v2 v2.4.0 // indirect | 	gopkg.in/yaml.v2 v2.4.0 // indirect | ||||||
| 	gopkg.in/yaml.v3 v3.0.1 // indirect | 	gopkg.in/yaml.v3 v3.0.1 // indirect | ||||||
| 	k8s.io/apiextensions-apiserver v0.26.3 // indirect | 	k8s.io/apiextensions-apiserver v0.29.3 // indirect | ||||||
| 	k8s.io/component-base v0.26.3 // indirect | 	k8s.io/component-base v0.29.3 // indirect | ||||||
| 	k8s.io/klog/v2 v2.90.1 // indirect | 	k8s.io/klog/v2 v2.120.1 // indirect | ||||||
| 	k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect | 	k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 // indirect | ||||||
| 	k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 // indirect | 	k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect | ||||||
| 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect | 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect | ||||||
| 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect | 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect | ||||||
| 	sigs.k8s.io/yaml v1.3.0 // indirect | 	sigs.k8s.io/yaml v1.4.0 // indirect | ||||||
| ) | ) | ||||||
|   | |||||||
							
								
								
									
										370
									
								
								go.sum
									
									
									
									
									
								
							
							
						
						
									
										370
									
								
								go.sum
									
									
									
									
									
								
							| @@ -1,123 +1,80 @@ | |||||||
| cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= | github.com/1Password/connect-sdk-go v1.5.3 h1:KyjJ+kCKj6BwB2Y8tPM1Ixg5uIS6HsB0uWA8U38p/Uk= | ||||||
| cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= | github.com/1Password/connect-sdk-go v1.5.3/go.mod h1:5rSymY4oIYtS4G3t0oMkGAXBeoYiukV3vkqlnEjIDJs= | ||||||
| github.com/1Password/connect-sdk-go v1.5.1 h1:wb9niRg4BOa+lZJjj1TOX6093VJxuOYtzqUnRpwKnvs= | github.com/1password/onepassword-sdk-go v0.3.1 h1:dz0LrYuIh/HrZ7rxr8NMymikNLBIXhyj4NBmo5Tdamc= | ||||||
| github.com/1Password/connect-sdk-go v1.5.1/go.mod h1:lKGz6DFO6qMchEQ+lDx6f9MzORTxC1HkhUdHnJ24fKs= | github.com/1password/onepassword-sdk-go v0.3.1/go.mod h1:kssODrGGqHtniqPR91ZPoCMEo79mKulKat7RaD1bunk= | ||||||
| github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= |  | ||||||
| github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= | github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= | ||||||
| github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= | github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= | ||||||
| github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= |  | ||||||
| github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= |  | ||||||
| github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= |  | ||||||
| github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= | github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= | ||||||
| github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= | github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= | ||||||
| github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= |  | ||||||
| github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= |  | ||||||
| github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= |  | ||||||
| github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= | github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= | ||||||
| github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= | github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= | ||||||
| github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= | github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= | ||||||
| github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= | github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= | ||||||
| github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= | github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= | ||||||
| github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= |  | ||||||
| github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= |  | ||||||
| github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= | ||||||
| github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= | ||||||
| github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= | ||||||
| github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= | github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a h1:UwSIFv5g5lIvbGgtf3tVwC7Ky9rmMFBp0RMs+6f6YqE= | ||||||
| github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE= | github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a/go.mod h1:C8DzXehI4zAbrdlbtOByKX6pfivJTBiV9Jjqv56Yd9Q= | ||||||
| github.com/emicklei/go-restful/v3 v3.10.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= | github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= | ||||||
| github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= | github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= | ||||||
| github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= |  | ||||||
| github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= |  | ||||||
| github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= |  | ||||||
| github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= |  | ||||||
| github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= |  | ||||||
| github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= |  | ||||||
| github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= | github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= | ||||||
| github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= | github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= | ||||||
| github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= | github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= | ||||||
| github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= | github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= | ||||||
| github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= | github.com/extism/go-sdk v1.7.0 h1:yHbSa2JbcF60kjGsYiGEOcClfbknqCJchyh9TRibFWo= | ||||||
| github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= | github.com/extism/go-sdk v1.7.0/go.mod h1:Dhuc1qcD0aqjdqJ3ZDyGdkZPEj/EHKVjbE4P+1XRMqc= | ||||||
| github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= | github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= | ||||||
| github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= | github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= | ||||||
| github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= | github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= | ||||||
| github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= | github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= | ||||||
| github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= | github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= | ||||||
| github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= | github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= | ||||||
| github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= | github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= | ||||||
| github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4= | github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= | ||||||
| github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= | github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= | ||||||
| github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= | github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= | ||||||
| github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= | github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= | ||||||
| github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= | github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= | ||||||
| github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= |  | ||||||
| github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= |  | ||||||
| github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= | github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= | ||||||
| github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= | github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= | ||||||
|  | github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= | ||||||
|  | github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= | ||||||
| github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= | github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= | ||||||
| github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= | github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= | ||||||
| github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= |  | ||||||
| github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= | ||||||
| github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= | ||||||
| github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= | github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= | ||||||
| github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= | github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= | ||||||
| github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= | github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= | ||||||
| github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= | github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= | ||||||
| github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= |  | ||||||
| github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= |  | ||||||
| github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= |  | ||||||
| github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= |  | ||||||
| github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= |  | ||||||
| github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= |  | ||||||
| github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= |  | ||||||
| github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= |  | ||||||
| github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= |  | ||||||
| github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= |  | ||||||
| github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= |  | ||||||
| github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= |  | ||||||
| github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= |  | ||||||
| github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= |  | ||||||
| github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0= |  | ||||||
| github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= |  | ||||||
| github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= |  | ||||||
| github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= |  | ||||||
| github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= |  | ||||||
| github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= |  | ||||||
| github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= |  | ||||||
| github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= |  | ||||||
| github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= |  | ||||||
| github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= | github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= | ||||||
|  | github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= | ||||||
|  | github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= | ||||||
| github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= | ||||||
| github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= | github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= | ||||||
| github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= | github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= | ||||||
| github.com/google/pprof v0.0.0-20230323073829-e72429f035bd h1:r8yyd+DJDmsUhGrRBxH5Pj7KeFK5l+Y3FsgT8keqKtk= | github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= | ||||||
| github.com/google/pprof v0.0.0-20230323073829-e72429f035bd/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= | github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= | ||||||
| github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= | github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= | ||||||
| github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= | github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= | ||||||
| github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= | github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= | ||||||
| github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= | github.com/ianlancetaylor/demangle v0.0.0-20240805132620-81f5be970eca h1:T54Ema1DU8ngI+aef9ZhAhNGQhcRTrWxVeG07F+c/Rw= | ||||||
| github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= | github.com/ianlancetaylor/demangle v0.0.0-20240805132620-81f5be970eca/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= | ||||||
| github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= | github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= | ||||||
| github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= | github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= | ||||||
| github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= | github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= | ||||||
| github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= | github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= | ||||||
| github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= | github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= | ||||||
| github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= | github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= | ||||||
| github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= | github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= | ||||||
| github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= | ||||||
| github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= | github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= | ||||||
| github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= | github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= | ||||||
| github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= |  | ||||||
| github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= |  | ||||||
| github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= |  | ||||||
| github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= |  | ||||||
| github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= | ||||||
| github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= | github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= | ||||||
| github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= | github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= | ||||||
| github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= | github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= | ||||||
| github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= |  | ||||||
| github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= |  | ||||||
| github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= | ||||||
| github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= | ||||||
| github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= | ||||||
| @@ -125,214 +82,135 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G | |||||||
| github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= | github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= | ||||||
| github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= | ||||||
| github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= | ||||||
| github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU= | github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= | ||||||
| github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= | github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= | ||||||
| github.com/onsi/gomega v1.27.5 h1:T/X6I0RNFw/kTqgfkZPcQ5KU6vCnWNBGdtrIx2dpGeQ= | github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= | ||||||
| github.com/onsi/gomega v1.27.5/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= | github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= | ||||||
| github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= | github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= | ||||||
| github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= | github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= | ||||||
| github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= |  | ||||||
| github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= | github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= | ||||||
| github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= | ||||||
| github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= | ||||||
| github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= | ||||||
| github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= | github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= | ||||||
| github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= | github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= | ||||||
| github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= | github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= | ||||||
| github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= | github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= | ||||||
| github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= | github.com/prometheus/common v0.51.1 h1:eIjN50Bwglz6a/c3hAgSMcofL3nD+nFQkV6Dd4DsQCw= | ||||||
| github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= | github.com/prometheus/common v0.51.1/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= | ||||||
| github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= | github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o= | ||||||
| github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= | github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g= | ||||||
| github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= | github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= | ||||||
| github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= | github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= | ||||||
| github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= |  | ||||||
| github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= | github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= | ||||||
| github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= | ||||||
| github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= |  | ||||||
| github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= | ||||||
| github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= | github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= | ||||||
| github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= | github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= | ||||||
| github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= |  | ||||||
| github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= | ||||||
| github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= |  | ||||||
| github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= |  | ||||||
| github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= | github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= | ||||||
| github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= | github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= | ||||||
| github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= | github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= | ||||||
| github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= | github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834 h1:ZF+QBjOI+tILZjBaFj3HgFonKXUcwgJ4djLb6i42S3Q= | ||||||
| github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= | github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834/go.mod h1:m9ymHTgNSEjuxvw8E7WWe4Pl4hZQHXONY8wE6dMLaRk= | ||||||
| github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= | github.com/tetratelabs/wazero v1.9.0 h1:IcZ56OuxrtaEz8UYNRHBrUa9bYeX9oVY93KspZZBf/I= | ||||||
| github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= | github.com/tetratelabs/wazero v1.9.0/go.mod h1:TSbcXCfFP0L2FGkRPxHphadXPjo1T6W+CseNNY7EkjM= | ||||||
| github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o= | github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o= | ||||||
| github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= | github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= | ||||||
| github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= | github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= | ||||||
| github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= | github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= | ||||||
| github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= |  | ||||||
| github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= |  | ||||||
| github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= |  | ||||||
| github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= | github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= | ||||||
| github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= | github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= | ||||||
| go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= | go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= | ||||||
| go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= | go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= | ||||||
| go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= | go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= | ||||||
| go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= | go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= | ||||||
| go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= | go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= | ||||||
| go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= | go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= | ||||||
| go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= | go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= | ||||||
| go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ= | go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= | ||||||
| go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= | go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= | ||||||
| go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= | go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= | ||||||
| go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= |  | ||||||
| go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= |  | ||||||
| golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= | ||||||
| golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= | ||||||
| golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= | ||||||
| golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= | golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc= | ||||||
| golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= | golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ= | ||||||
| golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= |  | ||||||
| golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= |  | ||||||
| golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= |  | ||||||
| golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= | golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= | ||||||
| golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= | golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= | ||||||
| golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= |  | ||||||
| golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= |  | ||||||
| golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= |  | ||||||
| golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= |  | ||||||
| golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= |  | ||||||
| golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= | ||||||
| golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= |  | ||||||
| golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= | ||||||
| golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= | ||||||
| golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= |  | ||||||
| golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= | golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= | ||||||
| golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= | golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= | ||||||
| golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= | golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= | ||||||
| golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= | golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= | ||||||
| golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= | golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= | ||||||
| golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= |  | ||||||
| golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= |  | ||||||
| golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw= |  | ||||||
| golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= |  | ||||||
| golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= |  | ||||||
| golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= |  | ||||||
| golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= |  | ||||||
| golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | ||||||
| golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | ||||||
| golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | ||||||
| golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= |  | ||||||
| golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= | ||||||
| golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | ||||||
| golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | ||||||
| golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | ||||||
| golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= | ||||||
| golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= | ||||||
| golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= | ||||||
| golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= | golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= | ||||||
| golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= |  | ||||||
| golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= |  | ||||||
| golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= |  | ||||||
| golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= |  | ||||||
| golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= |  | ||||||
| golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= |  | ||||||
| golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= | ||||||
| golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= |  | ||||||
| golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= | ||||||
| golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= | golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= | ||||||
| golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= | golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= | ||||||
| golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= | golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= | ||||||
| golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= | golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= | ||||||
| golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= |  | ||||||
| golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= |  | ||||||
| golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= | ||||||
| golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= |  | ||||||
| golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= |  | ||||||
| golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= |  | ||||||
| golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= |  | ||||||
| golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= |  | ||||||
| golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= | ||||||
| golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= | golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= | ||||||
| golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= | golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= | ||||||
| golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= | golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc= | ||||||
| golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= | golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI= | ||||||
| golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= | ||||||
| golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= | ||||||
| golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= | ||||||
| golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= | ||||||
| gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= | gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= | ||||||
| gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= | gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= | ||||||
| google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= | google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= | ||||||
| google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= | google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= | ||||||
| google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= |  | ||||||
| google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= |  | ||||||
| google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= |  | ||||||
| google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= |  | ||||||
| google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= |  | ||||||
| google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= |  | ||||||
| google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= |  | ||||||
| google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= |  | ||||||
| google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= |  | ||||||
| google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= |  | ||||||
| google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= |  | ||||||
| google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= |  | ||||||
| google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= |  | ||||||
| google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= |  | ||||||
| google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= |  | ||||||
| google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= |  | ||||||
| google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= |  | ||||||
| google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= |  | ||||||
| google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= |  | ||||||
| google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= |  | ||||||
| google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= |  | ||||||
| google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= |  | ||||||
| google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= |  | ||||||
| google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= |  | ||||||
| google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= |  | ||||||
| google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= |  | ||||||
| google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= |  | ||||||
| google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= |  | ||||||
| gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= | ||||||
| gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= |  | ||||||
| gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= |  | ||||||
| gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= | ||||||
| gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= | ||||||
| gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= | gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= | ||||||
| gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= | gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= | ||||||
| gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= |  | ||||||
| gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= |  | ||||||
| gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= | gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= | ||||||
| gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= | gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= | ||||||
| gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= | ||||||
| gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= | ||||||
| gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= |  | ||||||
| gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= |  | ||||||
| gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= | ||||||
| gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= | ||||||
| honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= | k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= | ||||||
| honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= | k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= | ||||||
| k8s.io/api v0.26.3 h1:emf74GIQMTik01Aum9dPP0gAypL8JTLl/lHa4V9RFSU= | k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI= | ||||||
| k8s.io/api v0.26.3/go.mod h1:PXsqwPMXBSBcL1lJ9CYDKy7kIReUydukS5JiRlxC3qE= | k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc= | ||||||
| k8s.io/apiextensions-apiserver v0.26.3 h1:5PGMm3oEzdB1W/FTMgGIDmm100vn7IaUP5er36dB+YE= | k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= | ||||||
| k8s.io/apiextensions-apiserver v0.26.3/go.mod h1:jdA5MdjNWGP+njw1EKMZc64xAT5fIhN6VJrElV3sfpQ= | k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= | ||||||
| k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k= | k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= | ||||||
| k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= | k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= | ||||||
| k8s.io/client-go v0.26.3 h1:k1UY+KXfkxV2ScEL3gilKcF7761xkYsSD6BC9szIu8s= | k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo= | ||||||
| k8s.io/client-go v0.26.3/go.mod h1:ZPNu9lm8/dbRIPAgteN30RSXea6vrCpFvq+MateTUuQ= | k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio= | ||||||
| k8s.io/component-base v0.26.3 h1:oC0WMK/ggcbGDTkdcqefI4wIZRYdK3JySx9/HADpV0g= | k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= | ||||||
| k8s.io/component-base v0.26.3/go.mod h1:5kj1kZYwSC6ZstHJN7oHBqcJC6yyn41eR+Sqa/mQc8E= | k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= | ||||||
| k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= | k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940 h1:qVoMaQV5t62UUvHe16Q3eb2c5HPzLHYzsi0Tu/xLndo= | ||||||
| k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= | k8s.io/kube-openapi v0.0.0-20240322212309-b815d8309940/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= | ||||||
| k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a h1:gmovKNur38vgoWfGtP5QOGNOA7ki4n6qNYoFAgMlNvg= | k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI= | ||||||
| k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY= | k8s.io/kubectl v0.29.0/go.mod h1:0jMjGWIcMIQzmUaMgAzhSELv5WtHo2a8pq67DtviAJs= | ||||||
| k8s.io/kubectl v0.26.3 h1:bZ5SgFyeEXw6XTc1Qji0iNdtqAC76lmeIIQULg2wNXM= | k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= | ||||||
| k8s.io/kubectl v0.26.3/go.mod h1:02+gv7Qn4dupzN3fi/9OvqqdW+uG/4Zi56vc4Zmsp1g= | k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= | ||||||
| k8s.io/utils v0.0.0-20230313181309-38a27ef9d749 h1:xMMXJlJbsU8w3V5N2FLDQ8YgU8s1EoULdbQBcAeNJkY= | sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= | ||||||
| k8s.io/utils v0.0.0-20230313181309-38a27ef9d749/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= | sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= | ||||||
| sigs.k8s.io/controller-runtime v0.14.5 h1:6xaWFqzT5KuAQ9ufgUaj1G/+C4Y1GRkhrxl+BJ9i+5s= |  | ||||||
| sigs.k8s.io/controller-runtime v0.14.5/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0= |  | ||||||
| sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= | sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= | ||||||
| sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= | sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= | ||||||
| sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= | sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= | ||||||
| sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= | sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= | ||||||
| sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= | sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= | ||||||
| sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= | sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= | ||||||
|   | |||||||
| @@ -1,7 +1,7 @@ | |||||||
| /* | /* | ||||||
| MIT License | MIT License | ||||||
|  |  | ||||||
| Copyright (c) 2020-2022 1Password | Copyright (c) 2020-2024 1Password | ||||||
|  |  | ||||||
| Permission is hereby granted, free of charge, to any person obtaining a copy | Permission is hereby granted, free of charge, to any person obtaining a copy | ||||||
| of this software and associated documentation files (the "Software"), to deal | of this software and associated documentation files (the "Software"), to deal | ||||||
|   | |||||||
| @@ -1,7 +1,7 @@ | |||||||
| /* | /* | ||||||
| MIT License | MIT License | ||||||
| 
 | 
 | ||||||
| Copyright (c) 2020-2022 1Password | Copyright (c) 2020-2024 1Password | ||||||
| 
 | 
 | ||||||
| Permission is hereby granted, free of charge, to any person obtaining a copy | Permission is hereby granted, free of charge, to any person obtaining a copy | ||||||
| of this software and associated documentation files (the "Software"), to deal | of this software and associated documentation files (the "Software"), to deal | ||||||
| @@ -22,18 +22,19 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |||||||
| SOFTWARE. | SOFTWARE. | ||||||
| */ | */ | ||||||
| 
 | 
 | ||||||
| package controllers | package controller | ||||||
| 
 | 
 | ||||||
| import ( | import ( | ||||||
| 	"context" | 	"context" | ||||||
| 	"fmt" | 	"fmt" | ||||||
| 	"regexp" | 	"regexp" | ||||||
| 	"sigs.k8s.io/controller-runtime/pkg/reconcile" | 	"strings" | ||||||
| 
 | 	"time" | ||||||
| 	"github.com/1Password/connect-sdk-go/connect" |  | ||||||
| 
 | 
 | ||||||
| 	kubeSecrets "github.com/1Password/onepassword-operator/pkg/kubernetessecrets" | 	kubeSecrets "github.com/1Password/onepassword-operator/pkg/kubernetessecrets" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/logs" | ||||||
| 	op "github.com/1Password/onepassword-operator/pkg/onepassword" | 	op "github.com/1Password/onepassword-operator/pkg/onepassword" | ||||||
|  | 	opclient "github.com/1Password/onepassword-operator/pkg/onepassword/client" | ||||||
| 	"github.com/1Password/onepassword-operator/pkg/utils" | 	"github.com/1Password/onepassword-operator/pkg/utils" | ||||||
| 
 | 
 | ||||||
| 	appsv1 "k8s.io/api/apps/v1" | 	appsv1 "k8s.io/api/apps/v1" | ||||||
| @@ -45,6 +46,7 @@ import ( | |||||||
| 	"sigs.k8s.io/controller-runtime/pkg/client" | 	"sigs.k8s.io/controller-runtime/pkg/client" | ||||||
| 	"sigs.k8s.io/controller-runtime/pkg/client/apiutil" | 	"sigs.k8s.io/controller-runtime/pkg/client/apiutil" | ||||||
| 	logf "sigs.k8s.io/controller-runtime/pkg/log" | 	logf "sigs.k8s.io/controller-runtime/pkg/log" | ||||||
|  | 	"sigs.k8s.io/controller-runtime/pkg/reconcile" | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| var logDeployment = logf.Log.WithName("controller_deployment") | var logDeployment = logf.Log.WithName("controller_deployment") | ||||||
| @@ -53,7 +55,7 @@ var logDeployment = logf.Log.WithName("controller_deployment") | |||||||
| type DeploymentReconciler struct { | type DeploymentReconciler struct { | ||||||
| 	client.Client | 	client.Client | ||||||
| 	Scheme             *runtime.Scheme | 	Scheme             *runtime.Scheme | ||||||
| 	OpConnectClient    connect.Client | 	OpClient           opclient.Client | ||||||
| 	OpAnnotationRegExp *regexp.Regexp | 	OpAnnotationRegExp *regexp.Regexp | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @@ -72,10 +74,10 @@ type DeploymentReconciler struct { | |||||||
| // - https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile | // - https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile | ||||||
| func (r *DeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { | func (r *DeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { | ||||||
| 	reqLogger := logDeployment.WithValues("Request.Namespace", req.Namespace, "Request.Name", req.Name) | 	reqLogger := logDeployment.WithValues("Request.Namespace", req.Namespace, "Request.Name", req.Name) | ||||||
| 	reqLogger.Info("Reconciling Deployment") | 	reqLogger.V(logs.DebugLevel).Info("Reconciling Deployment") | ||||||
| 
 | 
 | ||||||
| 	deployment := &appsv1.Deployment{} | 	deployment := &appsv1.Deployment{} | ||||||
| 	err := r.Get(context.Background(), req.NamespacedName, deployment) | 	err := r.Get(ctx, req.NamespacedName, deployment) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		if errors.IsNotFound(err) { | 		if errors.IsNotFound(err) { | ||||||
| 			return reconcile.Result{}, nil | 			return reconcile.Result{}, nil | ||||||
| @@ -85,7 +87,7 @@ func (r *DeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Request) | |||||||
| 
 | 
 | ||||||
| 	annotations, annotationsFound := op.GetAnnotationsForDeployment(deployment, r.OpAnnotationRegExp) | 	annotations, annotationsFound := op.GetAnnotationsForDeployment(deployment, r.OpAnnotationRegExp) | ||||||
| 	if !annotationsFound { | 	if !annotationsFound { | ||||||
| 		reqLogger.Info("No 1Password Annotations found") | 		reqLogger.V(logs.DebugLevel).Info("No 1Password Annotations found") | ||||||
| 		return ctrl.Result{}, nil | 		return ctrl.Result{}, nil | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| @@ -95,13 +97,18 @@ func (r *DeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Request) | |||||||
| 		// This is so we can handle cleanup of associated secrets properly | 		// This is so we can handle cleanup of associated secrets properly | ||||||
| 		if !utils.ContainsString(deployment.ObjectMeta.Finalizers, finalizer) { | 		if !utils.ContainsString(deployment.ObjectMeta.Finalizers, finalizer) { | ||||||
| 			deployment.ObjectMeta.Finalizers = append(deployment.ObjectMeta.Finalizers, finalizer) | 			deployment.ObjectMeta.Finalizers = append(deployment.ObjectMeta.Finalizers, finalizer) | ||||||
| 			if err = r.Update(context.Background(), deployment); err != nil { | 			if err = r.Update(ctx, deployment); err != nil { | ||||||
| 				return reconcile.Result{}, err | 				return reconcile.Result{}, err | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 		// Handles creation or updating secrets for deployment if needed | 		// Handles creation or updating secrets for deployment if needed | ||||||
| 		if err = r.handleApplyingDeployment(deployment, deployment.Namespace, annotations, req); err != nil { | 		if err = r.handleApplyingDeployment(ctx, deployment, deployment.Namespace, annotations, req); err != nil { | ||||||
| 			return ctrl.Result{}, err | 			if strings.Contains(err.Error(), "rate limit") { | ||||||
|  | 				reqLogger.V(logs.InfoLevel).Info("1Password rate limit hit. Requeuing after 15 minutes.") | ||||||
|  | 				return ctrl.Result{RequeueAfter: 15 * time.Minute}, nil | ||||||
|  | 			} else { | ||||||
|  | 				return ctrl.Result{}, err | ||||||
|  | 			} | ||||||
| 		} | 		} | ||||||
| 		return ctrl.Result{}, nil | 		return ctrl.Result{}, nil | ||||||
| 	} | 	} | ||||||
| @@ -110,12 +117,12 @@ func (r *DeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Request) | |||||||
| 	if utils.ContainsString(deployment.ObjectMeta.Finalizers, finalizer) { | 	if utils.ContainsString(deployment.ObjectMeta.Finalizers, finalizer) { | ||||||
| 
 | 
 | ||||||
| 		secretName := annotations[op.NameAnnotation] | 		secretName := annotations[op.NameAnnotation] | ||||||
| 		if err = r.cleanupKubernetesSecretForDeployment(secretName, deployment); err != nil { | 		if err = r.cleanupKubernetesSecretForDeployment(ctx, secretName, deployment); err != nil { | ||||||
| 			return ctrl.Result{}, err | 			return ctrl.Result{}, err | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| 		// Remove the finalizer from the deployment so deletion of deployment can be completed | 		// Remove the finalizer from the deployment so deletion of deployment can be completed | ||||||
| 		if err = r.removeOnePasswordFinalizerFromDeployment(deployment); err != nil { | 		if err = r.removeOnePasswordFinalizerFromDeployment(ctx, deployment); err != nil { | ||||||
| 			return reconcile.Result{}, err | 			return reconcile.Result{}, err | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| @@ -129,7 +136,7 @@ func (r *DeploymentReconciler) SetupWithManager(mgr ctrl.Manager) error { | |||||||
| 		Complete(r) | 		Complete(r) | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func (r *DeploymentReconciler) cleanupKubernetesSecretForDeployment(secretName string, deletedDeployment *appsv1.Deployment) error { | func (r *DeploymentReconciler) cleanupKubernetesSecretForDeployment(ctx context.Context, secretName string, deletedDeployment *appsv1.Deployment) error { | ||||||
| 	kubernetesSecret := &corev1.Secret{} | 	kubernetesSecret := &corev1.Secret{} | ||||||
| 	kubernetesSecret.ObjectMeta.Name = secretName | 	kubernetesSecret.ObjectMeta.Name = secretName | ||||||
| 	kubernetesSecret.ObjectMeta.Namespace = deletedDeployment.Namespace | 	kubernetesSecret.ObjectMeta.Namespace = deletedDeployment.Namespace | ||||||
| @@ -139,14 +146,14 @@ func (r *DeploymentReconciler) cleanupKubernetesSecretForDeployment(secretName s | |||||||
| 	} | 	} | ||||||
| 	updatedSecrets := map[string]*corev1.Secret{secretName: kubernetesSecret} | 	updatedSecrets := map[string]*corev1.Secret{secretName: kubernetesSecret} | ||||||
| 
 | 
 | ||||||
| 	multipleDeploymentsUsingSecret, err := r.areMultipleDeploymentsUsingSecret(updatedSecrets, *deletedDeployment) | 	multipleDeploymentsUsingSecret, err := r.areMultipleDeploymentsUsingSecret(ctx, updatedSecrets, *deletedDeployment) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	// Only delete the associated kubernetes secret if it is not being used by other deployments | 	// Only delete the associated kubernetes secret if it is not being used by other deployments | ||||||
| 	if !multipleDeploymentsUsingSecret { | 	if !multipleDeploymentsUsingSecret { | ||||||
| 		if err = r.Delete(context.Background(), kubernetesSecret); err != nil { | 		if err = r.Delete(ctx, kubernetesSecret); err != nil { | ||||||
| 			if !errors.IsNotFound(err) { | 			if !errors.IsNotFound(err) { | ||||||
| 				return err | 				return err | ||||||
| 			} | 			} | ||||||
| @@ -155,13 +162,13 @@ func (r *DeploymentReconciler) cleanupKubernetesSecretForDeployment(secretName s | |||||||
| 	return nil | 	return nil | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func (r *DeploymentReconciler) areMultipleDeploymentsUsingSecret(updatedSecrets map[string]*corev1.Secret, deletedDeployment appsv1.Deployment) (bool, error) { | func (r *DeploymentReconciler) areMultipleDeploymentsUsingSecret(ctx context.Context, updatedSecrets map[string]*corev1.Secret, deletedDeployment appsv1.Deployment) (bool, error) { | ||||||
| 	deployments := &appsv1.DeploymentList{} | 	deployments := &appsv1.DeploymentList{} | ||||||
| 	opts := []client.ListOption{ | 	opts := []client.ListOption{ | ||||||
| 		client.InNamespace(deletedDeployment.Namespace), | 		client.InNamespace(deletedDeployment.Namespace), | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	err := r.List(context.Background(), deployments, opts...) | 	err := r.List(ctx, deployments, opts...) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		logDeployment.Error(err, "Failed to list kubernetes deployments") | 		logDeployment.Error(err, "Failed to list kubernetes deployments") | ||||||
| 		return false, err | 		return false, err | ||||||
| @@ -177,12 +184,12 @@ func (r *DeploymentReconciler) areMultipleDeploymentsUsingSecret(updatedSecrets | |||||||
| 	return false, nil | 	return false, nil | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func (r *DeploymentReconciler) removeOnePasswordFinalizerFromDeployment(deployment *appsv1.Deployment) error { | func (r *DeploymentReconciler) removeOnePasswordFinalizerFromDeployment(ctx context.Context, deployment *appsv1.Deployment) error { | ||||||
| 	deployment.ObjectMeta.Finalizers = utils.RemoveString(deployment.ObjectMeta.Finalizers, finalizer) | 	deployment.ObjectMeta.Finalizers = utils.RemoveString(deployment.ObjectMeta.Finalizers, finalizer) | ||||||
| 	return r.Update(context.Background(), deployment) | 	return r.Update(ctx, deployment) | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func (r *DeploymentReconciler) handleApplyingDeployment(deployment *appsv1.Deployment, namespace string, annotations map[string]string, request reconcile.Request) error { | func (r *DeploymentReconciler) handleApplyingDeployment(ctx context.Context, deployment *appsv1.Deployment, namespace string, annotations map[string]string, request reconcile.Request) error { | ||||||
| 	reqLog := logDeployment.WithValues("Request.Namespace", request.Namespace, "Request.Name", request.Name) | 	reqLog := logDeployment.WithValues("Request.Namespace", request.Namespace, "Request.Name", request.Name) | ||||||
| 
 | 
 | ||||||
| 	secretName := annotations[op.NameAnnotation] | 	secretName := annotations[op.NameAnnotation] | ||||||
| @@ -194,15 +201,15 @@ func (r *DeploymentReconciler) handleApplyingDeployment(deployment *appsv1.Deplo | |||||||
| 		return nil | 		return nil | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	item, err := op.GetOnePasswordItemByPath(r.OpConnectClient, annotations[op.ItemPathAnnotation]) | 	item, err := op.GetOnePasswordItemByPath(ctx, r.OpClient, annotations[op.ItemPathAnnotation]) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return fmt.Errorf("Failed to retrieve item: %v", err) | 		return fmt.Errorf("failed to retrieve item: %w", err) | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	// Create owner reference. | 	// Create owner reference. | ||||||
| 	gvk, err := apiutil.GVKForObject(deployment, r.Scheme) | 	gvk, err := apiutil.GVKForObject(deployment, r.Scheme) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return fmt.Errorf("could not to retrieve group version kind: %v", err) | 		return fmt.Errorf("could not to retrieve group version kind: %w", err) | ||||||
| 	} | 	} | ||||||
| 	ownerRef := &metav1.OwnerReference{ | 	ownerRef := &metav1.OwnerReference{ | ||||||
| 		APIVersion: gvk.GroupVersion().String(), | 		APIVersion: gvk.GroupVersion().String(), | ||||||
| @@ -211,5 +218,5 @@ func (r *DeploymentReconciler) handleApplyingDeployment(deployment *appsv1.Deplo | |||||||
| 		UID:        deployment.GetUID(), | 		UID:        deployment.GetUID(), | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	return kubeSecrets.CreateKubernetesSecretFromItem(r.Client, secretName, namespace, item, annotations[op.RestartDeploymentsAnnotation], secretLabels, secretType, ownerRef) | 	return kubeSecrets.CreateKubernetesSecretFromItem(ctx, r.Client, secretName, namespace, item, annotations[op.RestartDeploymentsAnnotation], secretLabels, secretType, ownerRef) | ||||||
| } | } | ||||||
| @@ -1,10 +1,7 @@ | |||||||
| package controllers | package controller | ||||||
| 
 | 
 | ||||||
| import ( | import ( | ||||||
| 	"context" | 	"context" | ||||||
| 	"github.com/1Password/connect-sdk-go/onepassword" |  | ||||||
| 	"github.com/1Password/onepassword-operator/pkg/mocks" |  | ||||||
| 	op "github.com/1Password/onepassword-operator/pkg/onepassword" |  | ||||||
| 	"time" | 	"time" | ||||||
| 
 | 
 | ||||||
| 	. "github.com/onsi/ginkgo/v2" | 	. "github.com/onsi/ginkgo/v2" | ||||||
| @@ -17,6 +14,7 @@ import ( | |||||||
| 	"sigs.k8s.io/controller-runtime/pkg/client" | 	"sigs.k8s.io/controller-runtime/pkg/client" | ||||||
| 
 | 
 | ||||||
| 	onepasswordv1 "github.com/1Password/onepassword-operator/api/v1" | 	onepasswordv1 "github.com/1Password/onepassword-operator/api/v1" | ||||||
|  | 	op "github.com/1Password/onepassword-operator/pkg/onepassword" | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| const ( | const ( | ||||||
| @@ -26,14 +24,13 @@ const ( | |||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| var _ = Describe("Deployment controller", func() { | var _ = Describe("Deployment controller", func() { | ||||||
| 	var ctx context.Context | 	ctx := context.Background() | ||||||
| 	var deploymentKey types.NamespacedName | 	var deploymentKey types.NamespacedName | ||||||
| 	var secretKey types.NamespacedName | 	var secretKey types.NamespacedName | ||||||
| 	var deploymentResource *appsv1.Deployment | 	var deploymentResource *appsv1.Deployment | ||||||
| 	createdSecret := &v1.Secret{} | 	createdSecret := &v1.Secret{} | ||||||
| 
 | 
 | ||||||
| 	makeDeployment := func() { | 	makeDeployment := func() { | ||||||
| 		ctx = context.Background() |  | ||||||
| 
 | 
 | ||||||
| 		deploymentKey = types.NamespacedName{ | 		deploymentKey = types.NamespacedName{ | ||||||
| 			Name:      deploymentName, | 			Name:      deploymentName, | ||||||
| @@ -95,28 +92,19 @@ var _ = Describe("Deployment controller", func() { | |||||||
| 
 | 
 | ||||||
| 	cleanK8sResources := func() { | 	cleanK8sResources := func() { | ||||||
| 		// failed test runs that don't clean up leave resources behind. | 		// failed test runs that don't clean up leave resources behind. | ||||||
| 		err := k8sClient.DeleteAllOf(context.Background(), &onepasswordv1.OnePasswordItem{}, client.InNamespace(namespace)) | 		err := k8sClient.DeleteAllOf(ctx, &onepasswordv1.OnePasswordItem{}, client.InNamespace(namespace)) | ||||||
| 		Expect(err).ToNot(HaveOccurred()) | 		Expect(err).ToNot(HaveOccurred()) | ||||||
| 
 | 
 | ||||||
| 		err = k8sClient.DeleteAllOf(context.Background(), &v1.Secret{}, client.InNamespace(namespace)) | 		err = k8sClient.DeleteAllOf(ctx, &v1.Secret{}, client.InNamespace(namespace)) | ||||||
| 		Expect(err).ToNot(HaveOccurred()) | 		Expect(err).ToNot(HaveOccurred()) | ||||||
| 
 | 
 | ||||||
| 		err = k8sClient.DeleteAllOf(context.Background(), &appsv1.Deployment{}, client.InNamespace(namespace)) | 		err = k8sClient.DeleteAllOf(ctx, &appsv1.Deployment{}, client.InNamespace(namespace)) | ||||||
| 		Expect(err).ToNot(HaveOccurred()) | 		Expect(err).ToNot(HaveOccurred()) | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	mockGetItemFunc := func() { | 	mockGetItemFunc := func() { | ||||||
| 		mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { | 		// mock GetItemByID to return test item 'item1' | ||||||
| 			item := onepassword.Item{} | 		mockGetItemByIDFunc.Return(item1.ToModel(), nil) | ||||||
| 			item.Fields = []*onepassword.ItemField{} |  | ||||||
| 			for k, v := range item1.Data { |  | ||||||
| 				item.Fields = append(item.Fields, &onepassword.ItemField{Label: k, Value: v}) |  | ||||||
| 			} |  | ||||||
| 			item.Version = item1.Version |  | ||||||
| 			item.Vault.ID = vaultUUID |  | ||||||
| 			item.ID = uuid |  | ||||||
| 			return &item, nil |  | ||||||
| 		} |  | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	BeforeEach(func() { | 	BeforeEach(func() { | ||||||
| @@ -151,17 +139,10 @@ var _ = Describe("Deployment controller", func() { | |||||||
| 
 | 
 | ||||||
| 		It("Should update existing K8s Secret using deployment", func() { | 		It("Should update existing K8s Secret using deployment", func() { | ||||||
| 			By("Updating secret") | 			By("Updating secret") | ||||||
| 			mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { | 
 | ||||||
| 				item := onepassword.Item{} | 			// mock GetItemByID to return test item 'item2' | ||||||
| 				item.Fields = []*onepassword.ItemField{} | 			mockGetItemByIDFunc.Return(item2.ToModel(), nil) | ||||||
| 				for k, v := range item2.Data { | 
 | ||||||
| 					item.Fields = append(item.Fields, &onepassword.ItemField{Label: k, Value: v}) |  | ||||||
| 				} |  | ||||||
| 				item.Version = item2.Version |  | ||||||
| 				item.Vault.ID = vaultUUID |  | ||||||
| 				item.ID = uuid |  | ||||||
| 				return &item, nil |  | ||||||
| 			} |  | ||||||
| 			Eventually(func() error { | 			Eventually(func() error { | ||||||
| 				updatedDeployment := &appsv1.Deployment{ | 				updatedDeployment := &appsv1.Deployment{ | ||||||
| 					TypeMeta: metav1.TypeMeta{ | 					TypeMeta: metav1.TypeMeta{ | ||||||
| @@ -1,7 +1,7 @@ | |||||||
| /* | /* | ||||||
| MIT License | MIT License | ||||||
| 
 | 
 | ||||||
| Copyright (c) 2020-2022 1Password | Copyright (c) 2020-2024 1Password | ||||||
| 
 | 
 | ||||||
| Permission is hereby granted, free of charge, to any person obtaining a copy | Permission is hereby granted, free of charge, to any person obtaining a copy | ||||||
| of this software and associated documentation files (the "Software"), to deal | of this software and associated documentation files (the "Software"), to deal | ||||||
| @@ -22,17 +22,19 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |||||||
| SOFTWARE. | SOFTWARE. | ||||||
| */ | */ | ||||||
| 
 | 
 | ||||||
| package controllers | package controller | ||||||
| 
 | 
 | ||||||
| import ( | import ( | ||||||
| 	"context" | 	"context" | ||||||
| 	"fmt" | 	"fmt" | ||||||
| 
 | 	"strings" | ||||||
| 	"github.com/1Password/connect-sdk-go/connect" | 	"time" | ||||||
| 
 | 
 | ||||||
| 	onepasswordv1 "github.com/1Password/onepassword-operator/api/v1" | 	onepasswordv1 "github.com/1Password/onepassword-operator/api/v1" | ||||||
| 	kubeSecrets "github.com/1Password/onepassword-operator/pkg/kubernetessecrets" | 	kubeSecrets "github.com/1Password/onepassword-operator/pkg/kubernetessecrets" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/logs" | ||||||
| 	op "github.com/1Password/onepassword-operator/pkg/onepassword" | 	op "github.com/1Password/onepassword-operator/pkg/onepassword" | ||||||
|  | 	opclient "github.com/1Password/onepassword-operator/pkg/onepassword/client" | ||||||
| 	"github.com/1Password/onepassword-operator/pkg/utils" | 	"github.com/1Password/onepassword-operator/pkg/utils" | ||||||
| 
 | 
 | ||||||
| 	corev1 "k8s.io/api/core/v1" | 	corev1 "k8s.io/api/core/v1" | ||||||
| @@ -51,8 +53,8 @@ var finalizer = "onepassword.com/finalizer.secret" | |||||||
| // OnePasswordItemReconciler reconciles a OnePasswordItem object | // OnePasswordItemReconciler reconciles a OnePasswordItem object | ||||||
| type OnePasswordItemReconciler struct { | type OnePasswordItemReconciler struct { | ||||||
| 	client.Client | 	client.Client | ||||||
| 	Scheme          *runtime.Scheme | 	Scheme   *runtime.Scheme | ||||||
| 	OpConnectClient connect.Client | 	OpClient opclient.Client | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| //+kubebuilder:rbac:groups=onepassword.com,resources=onepassworditems,verbs=get;list;watch;create;update;patch;delete | //+kubebuilder:rbac:groups=onepassword.com,resources=onepassworditems,verbs=get;list;watch;create;update;patch;delete | ||||||
| @@ -66,6 +68,7 @@ type OnePasswordItemReconciler struct { | |||||||
| //+kubebuilder:rbac:groups=apps,resourceNames=onepassword-connect-operator,resources=deployments/finalizers,verbs=update | //+kubebuilder:rbac:groups=apps,resourceNames=onepassword-connect-operator,resources=deployments/finalizers,verbs=update | ||||||
| //+kubebuilder:rbac:groups=onepassword.com,resources=*,verbs=get;list;watch;create;update;patch;delete | //+kubebuilder:rbac:groups=onepassword.com,resources=*,verbs=get;list;watch;create;update;patch;delete | ||||||
| //+kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;create | //+kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;create | ||||||
|  | //+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;create;update | ||||||
| 
 | 
 | ||||||
| // Reconcile is part of the main kubernetes reconciliation loop which aims to | // Reconcile is part of the main kubernetes reconciliation loop which aims to | ||||||
| // move the current state of the cluster closer to the desired state. | // move the current state of the cluster closer to the desired state. | ||||||
| @@ -78,10 +81,10 @@ type OnePasswordItemReconciler struct { | |||||||
| // - https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile | // - https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile | ||||||
| func (r *OnePasswordItemReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { | func (r *OnePasswordItemReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { | ||||||
| 	reqLogger := logOnePasswordItem.WithValues("Request.Namespace", req.Namespace, "Request.Name", req.Name) | 	reqLogger := logOnePasswordItem.WithValues("Request.Namespace", req.Namespace, "Request.Name", req.Name) | ||||||
| 	reqLogger.Info("Reconciling OnePasswordItem") | 	reqLogger.V(logs.DebugLevel).Info("Reconciling OnePasswordItem") | ||||||
| 
 | 
 | ||||||
| 	onepassworditem := &onepasswordv1.OnePasswordItem{} | 	onepassworditem := &onepasswordv1.OnePasswordItem{} | ||||||
| 	err := r.Get(context.Background(), req.NamespacedName, onepassworditem) | 	err := r.Get(ctx, req.NamespacedName, onepassworditem) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		if errors.IsNotFound(err) { | 		if errors.IsNotFound(err) { | ||||||
| 			return ctrl.Result{}, nil | 			return ctrl.Result{}, nil | ||||||
| @@ -95,14 +98,20 @@ func (r *OnePasswordItemReconciler) Reconcile(ctx context.Context, req ctrl.Requ | |||||||
| 		// This is so we can handle cleanup of associated secrets properly | 		// This is so we can handle cleanup of associated secrets properly | ||||||
| 		if !utils.ContainsString(onepassworditem.ObjectMeta.Finalizers, finalizer) { | 		if !utils.ContainsString(onepassworditem.ObjectMeta.Finalizers, finalizer) { | ||||||
| 			onepassworditem.ObjectMeta.Finalizers = append(onepassworditem.ObjectMeta.Finalizers, finalizer) | 			onepassworditem.ObjectMeta.Finalizers = append(onepassworditem.ObjectMeta.Finalizers, finalizer) | ||||||
| 			if err = r.Update(context.Background(), onepassworditem); err != nil { | 			if err = r.Update(ctx, onepassworditem); err != nil { | ||||||
| 				return ctrl.Result{}, err | 				return ctrl.Result{}, err | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| 		// Handles creation or updating secrets for deployment if needed | 		// Handles creation or updating secrets for deployment if needed | ||||||
| 		err = r.handleOnePasswordItem(onepassworditem, req) | 		err = r.handleOnePasswordItem(ctx, onepassworditem, req) | ||||||
| 		if updateStatusErr := r.updateStatus(onepassworditem, err); updateStatusErr != nil { | 		if err != nil { | ||||||
|  | 			if strings.Contains(err.Error(), "rate limit") { | ||||||
|  | 				reqLogger.V(logs.InfoLevel).Info("1Password rate limit hit. Requeuing after 15 minutes.") | ||||||
|  | 				return ctrl.Result{RequeueAfter: 15 * time.Minute}, nil | ||||||
|  | 			} | ||||||
|  | 		} | ||||||
|  | 		if updateStatusErr := r.updateStatus(ctx, onepassworditem, err); updateStatusErr != nil { | ||||||
| 			return ctrl.Result{}, fmt.Errorf("cannot update status: %s", updateStatusErr) | 			return ctrl.Result{}, fmt.Errorf("cannot update status: %s", updateStatusErr) | ||||||
| 		} | 		} | ||||||
| 		return ctrl.Result{}, err | 		return ctrl.Result{}, err | ||||||
| @@ -111,12 +120,12 @@ func (r *OnePasswordItemReconciler) Reconcile(ctx context.Context, req ctrl.Requ | |||||||
| 	if utils.ContainsString(onepassworditem.ObjectMeta.Finalizers, finalizer) { | 	if utils.ContainsString(onepassworditem.ObjectMeta.Finalizers, finalizer) { | ||||||
| 
 | 
 | ||||||
| 		// Delete associated kubernetes secret | 		// Delete associated kubernetes secret | ||||||
| 		if err = r.cleanupKubernetesSecret(onepassworditem); err != nil { | 		if err = r.cleanupKubernetesSecret(ctx, onepassworditem); err != nil { | ||||||
| 			return ctrl.Result{}, err | 			return ctrl.Result{}, err | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| 		// Remove finalizer now that cleanup is complete | 		// Remove finalizer now that cleanup is complete | ||||||
| 		if err = r.removeFinalizer(onepassworditem); err != nil { | 		if err = r.removeFinalizer(ctx, onepassworditem); err != nil { | ||||||
| 			return ctrl.Result{}, err | 			return ctrl.Result{}, err | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| @@ -130,20 +139,20 @@ func (r *OnePasswordItemReconciler) SetupWithManager(mgr ctrl.Manager) error { | |||||||
| 		Complete(r) | 		Complete(r) | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func (r *OnePasswordItemReconciler) removeFinalizer(onePasswordItem *onepasswordv1.OnePasswordItem) error { | func (r *OnePasswordItemReconciler) removeFinalizer(ctx context.Context, onePasswordItem *onepasswordv1.OnePasswordItem) error { | ||||||
| 	onePasswordItem.ObjectMeta.Finalizers = utils.RemoveString(onePasswordItem.ObjectMeta.Finalizers, finalizer) | 	onePasswordItem.ObjectMeta.Finalizers = utils.RemoveString(onePasswordItem.ObjectMeta.Finalizers, finalizer) | ||||||
| 	if err := r.Update(context.Background(), onePasswordItem); err != nil { | 	if err := r.Update(ctx, onePasswordItem); err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
| 	return nil | 	return nil | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func (r *OnePasswordItemReconciler) cleanupKubernetesSecret(onePasswordItem *onepasswordv1.OnePasswordItem) error { | func (r *OnePasswordItemReconciler) cleanupKubernetesSecret(ctx context.Context, onePasswordItem *onepasswordv1.OnePasswordItem) error { | ||||||
| 	kubernetesSecret := &corev1.Secret{} | 	kubernetesSecret := &corev1.Secret{} | ||||||
| 	kubernetesSecret.ObjectMeta.Name = onePasswordItem.Name | 	kubernetesSecret.ObjectMeta.Name = onePasswordItem.Name | ||||||
| 	kubernetesSecret.ObjectMeta.Namespace = onePasswordItem.Namespace | 	kubernetesSecret.ObjectMeta.Namespace = onePasswordItem.Namespace | ||||||
| 
 | 
 | ||||||
| 	if err := r.Delete(context.Background(), kubernetesSecret); err != nil { | 	if err := r.Delete(ctx, kubernetesSecret); err != nil { | ||||||
| 		if !errors.IsNotFound(err) { | 		if !errors.IsNotFound(err) { | ||||||
| 			return err | 			return err | ||||||
| 		} | 		} | ||||||
| @@ -151,26 +160,26 @@ func (r *OnePasswordItemReconciler) cleanupKubernetesSecret(onePasswordItem *one | |||||||
| 	return nil | 	return nil | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func (r *OnePasswordItemReconciler) removeOnePasswordFinalizerFromOnePasswordItem(opSecret *onepasswordv1.OnePasswordItem) error { | func (r *OnePasswordItemReconciler) removeOnePasswordFinalizerFromOnePasswordItem(ctx context.Context, opSecret *onepasswordv1.OnePasswordItem) error { | ||||||
| 	opSecret.ObjectMeta.Finalizers = utils.RemoveString(opSecret.ObjectMeta.Finalizers, finalizer) | 	opSecret.ObjectMeta.Finalizers = utils.RemoveString(opSecret.ObjectMeta.Finalizers, finalizer) | ||||||
| 	return r.Update(context.Background(), opSecret) | 	return r.Update(ctx, opSecret) | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func (r *OnePasswordItemReconciler) handleOnePasswordItem(resource *onepasswordv1.OnePasswordItem, req ctrl.Request) error { | func (r *OnePasswordItemReconciler) handleOnePasswordItem(ctx context.Context, resource *onepasswordv1.OnePasswordItem, req ctrl.Request) error { | ||||||
| 	secretName := resource.GetName() | 	secretName := resource.GetName() | ||||||
| 	labels := resource.Labels | 	labels := resource.Labels | ||||||
| 	secretType := resource.Type | 	secretType := resource.Type | ||||||
| 	autoRestart := resource.Annotations[op.RestartDeploymentsAnnotation] | 	autoRestart := resource.Annotations[op.RestartDeploymentsAnnotation] | ||||||
| 
 | 
 | ||||||
| 	item, err := op.GetOnePasswordItemByPath(r.OpConnectClient, resource.Spec.ItemPath) | 	item, err := op.GetOnePasswordItemByPath(ctx, r.OpClient, resource.Spec.ItemPath) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return fmt.Errorf("Failed to retrieve item: %v", err) | 		return fmt.Errorf("failed to retrieve item: %w", err) | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	// Create owner reference. | 	// Create owner reference. | ||||||
| 	gvk, err := apiutil.GVKForObject(resource, r.Scheme) | 	gvk, err := apiutil.GVKForObject(resource, r.Scheme) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return fmt.Errorf("could not to retrieve group version kind: %v", err) | 		return fmt.Errorf("could not to retrieve group version kind: %w", err) | ||||||
| 	} | 	} | ||||||
| 	ownerRef := &metav1.OwnerReference{ | 	ownerRef := &metav1.OwnerReference{ | ||||||
| 		APIVersion: gvk.GroupVersion().String(), | 		APIVersion: gvk.GroupVersion().String(), | ||||||
| @@ -179,10 +188,10 @@ func (r *OnePasswordItemReconciler) handleOnePasswordItem(resource *onepasswordv | |||||||
| 		UID:        resource.GetUID(), | 		UID:        resource.GetUID(), | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	return kubeSecrets.CreateKubernetesSecretFromItem(r.Client, secretName, resource.Namespace, item, autoRestart, labels, secretType, ownerRef) | 	return kubeSecrets.CreateKubernetesSecretFromItem(ctx, r.Client, secretName, resource.Namespace, item, autoRestart, labels, secretType, ownerRef) | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func (r *OnePasswordItemReconciler) updateStatus(resource *onepasswordv1.OnePasswordItem, err error) error { | func (r *OnePasswordItemReconciler) updateStatus(ctx context.Context, resource *onepasswordv1.OnePasswordItem, err error) error { | ||||||
| 	existingCondition := findCondition(resource.Status.Conditions, onepasswordv1.OnePasswordItemReady) | 	existingCondition := findCondition(resource.Status.Conditions, onepasswordv1.OnePasswordItemReady) | ||||||
| 	updatedCondition := existingCondition | 	updatedCondition := existingCondition | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| @@ -198,7 +207,7 @@ func (r *OnePasswordItemReconciler) updateStatus(resource *onepasswordv1.OnePass | |||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	resource.Status.Conditions = []onepasswordv1.OnePasswordItemCondition{updatedCondition} | 	resource.Status.Conditions = []onepasswordv1.OnePasswordItemCondition{updatedCondition} | ||||||
| 	return r.Status().Update(context.Background(), resource) | 	return r.Status().Update(ctx, resource) | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func findCondition(conditions []onepasswordv1.OnePasswordItemCondition, t onepasswordv1.OnePasswordItemConditionType) onepasswordv1.OnePasswordItemCondition { | func findCondition(conditions []onepasswordv1.OnePasswordItemCondition, t onepasswordv1.OnePasswordItemConditionType) onepasswordv1.OnePasswordItemCondition { | ||||||
| @@ -1,11 +1,8 @@ | |||||||
| package controllers | package controller | ||||||
| 
 | 
 | ||||||
| import ( | import ( | ||||||
| 	"context" | 	"context" | ||||||
| 
 | 	"fmt" | ||||||
| 	"github.com/1Password/connect-sdk-go/onepassword" |  | ||||||
| 	"github.com/1Password/onepassword-operator/pkg/mocks" |  | ||||||
| 
 |  | ||||||
| 	. "github.com/onsi/ginkgo/v2" | 	. "github.com/onsi/ginkgo/v2" | ||||||
| 	. "github.com/onsi/gomega" | 	. "github.com/onsi/gomega" | ||||||
| 
 | 
 | ||||||
| @@ -16,6 +13,7 @@ import ( | |||||||
| 	"sigs.k8s.io/controller-runtime/pkg/reconcile" | 	"sigs.k8s.io/controller-runtime/pkg/reconcile" | ||||||
| 
 | 
 | ||||||
| 	onepasswordv1 "github.com/1Password/onepassword-operator/api/v1" | 	onepasswordv1 "github.com/1Password/onepassword-operator/api/v1" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| const ( | const ( | ||||||
| @@ -32,17 +30,8 @@ var _ = Describe("OnePasswordItem controller", func() { | |||||||
| 		err = k8sClient.DeleteAllOf(context.Background(), &v1.Secret{}, client.InNamespace(namespace)) | 		err = k8sClient.DeleteAllOf(context.Background(), &v1.Secret{}, client.InNamespace(namespace)) | ||||||
| 		Expect(err).ToNot(HaveOccurred()) | 		Expect(err).ToNot(HaveOccurred()) | ||||||
| 
 | 
 | ||||||
| 		mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { | 		item := item1.ToModel() | ||||||
| 			item := onepassword.Item{} | 		mockGetItemByIDFunc.Return(item, nil) | ||||||
| 			item.Fields = []*onepassword.ItemField{} |  | ||||||
| 			for k, v := range item1.Data { |  | ||||||
| 				item.Fields = append(item.Fields, &onepassword.ItemField{Label: k, Value: v}) |  | ||||||
| 			} |  | ||||||
| 			item.Version = item1.Version |  | ||||||
| 			item.Vault.ID = vaultUUID |  | ||||||
| 			item.ID = uuid |  | ||||||
| 			return &item, nil |  | ||||||
| 		} |  | ||||||
| 	}) | 	}) | ||||||
| 
 | 
 | ||||||
| 	Context("Happy path", func() { | 	Context("Happy path", func() { | ||||||
| @@ -99,17 +88,13 @@ var _ = Describe("OnePasswordItem controller", func() { | |||||||
| 				"password":   []byte("##newPassword##"), | 				"password":   []byte("##newPassword##"), | ||||||
| 				"extraField": []byte("dev"), | 				"extraField": []byte("dev"), | ||||||
| 			} | 			} | ||||||
| 			mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { | 
 | ||||||
| 				item := onepassword.Item{} | 			item := item2.ToModel() | ||||||
| 				item.Fields = []*onepassword.ItemField{} | 			for k, v := range newData { | ||||||
| 				for k, v := range newData { | 				item.Fields = append(item.Fields, model.ItemField{Label: k, Value: v}) | ||||||
| 					item.Fields = append(item.Fields, &onepassword.ItemField{Label: k, Value: v}) |  | ||||||
| 				} |  | ||||||
| 				item.Version = item1.Version + 1 |  | ||||||
| 				item.Vault.ID = vaultUUID |  | ||||||
| 				item.ID = uuid |  | ||||||
| 				return &item, nil |  | ||||||
| 			} | 			} | ||||||
|  | 			mockGetItemByIDFunc.Return(item, nil) | ||||||
|  | 
 | ||||||
| 			_, err := onePasswordItemReconciler.Reconcile(ctx, reconcile.Request{NamespacedName: key}) | 			_, err := onePasswordItemReconciler.Reconcile(ctx, reconcile.Request{NamespacedName: key}) | ||||||
| 			Expect(err).ToNot(HaveOccurred()) | 			Expect(err).ToNot(HaveOccurred()) | ||||||
| 
 | 
 | ||||||
| @@ -178,18 +163,11 @@ var _ = Describe("OnePasswordItem controller", func() { | |||||||
| 				"ice-cream-type": []byte(iceCream), | 				"ice-cream-type": []byte(iceCream), | ||||||
| 			} | 			} | ||||||
| 
 | 
 | ||||||
| 			mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { | 			item := item2.ToModel() | ||||||
| 				item := onepassword.Item{} | 			for k, v := range testData { | ||||||
| 				item.Title = "!my sECReT it3m%" | 				item.Fields = append(item.Fields, model.ItemField{Label: k, Value: v}) | ||||||
| 				item.Fields = []*onepassword.ItemField{} |  | ||||||
| 				for k, v := range testData { |  | ||||||
| 					item.Fields = append(item.Fields, &onepassword.ItemField{Label: k, Value: v}) |  | ||||||
| 				} |  | ||||||
| 				item.Version = item1.Version + 1 |  | ||||||
| 				item.Vault.ID = vaultUUID |  | ||||||
| 				item.ID = uuid |  | ||||||
| 				return &item, nil |  | ||||||
| 			} | 			} | ||||||
|  | 			mockGetItemByIDFunc.Return(item, nil) | ||||||
| 
 | 
 | ||||||
| 			By("Creating a new OnePasswordItem successfully") | 			By("Creating a new OnePasswordItem successfully") | ||||||
| 			Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) | 			Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) | ||||||
| @@ -326,6 +304,54 @@ var _ = Describe("OnePasswordItem controller", func() { | |||||||
| 			}, timeout, interval).Should(BeTrue()) | 			}, timeout, interval).Should(BeTrue()) | ||||||
| 			Expect(secret.Type).Should(Equal(v1.SecretType(customType))) | 			Expect(secret.Type).Should(Equal(v1.SecretType(customType))) | ||||||
| 		}) | 		}) | ||||||
|  | 
 | ||||||
|  | 		It("Should handle 1Password Item with a file and populate secret correctly", func() { | ||||||
|  | 			ctx := context.Background() | ||||||
|  | 			spec := onepasswordv1.OnePasswordItemSpec{ | ||||||
|  | 				ItemPath: item1.Path, | ||||||
|  | 			} | ||||||
|  | 
 | ||||||
|  | 			key := types.NamespacedName{ | ||||||
|  | 				Name:      "item-with-file", | ||||||
|  | 				Namespace: namespace, | ||||||
|  | 			} | ||||||
|  | 
 | ||||||
|  | 			toCreate := &onepasswordv1.OnePasswordItem{ | ||||||
|  | 				ObjectMeta: metav1.ObjectMeta{ | ||||||
|  | 					Name:      key.Name, | ||||||
|  | 					Namespace: key.Namespace, | ||||||
|  | 				}, | ||||||
|  | 				Spec: spec, | ||||||
|  | 			} | ||||||
|  | 
 | ||||||
|  | 			fileContent := []byte("dummy-cert-content") | ||||||
|  | 			item := item1.ToModel() | ||||||
|  | 			item.Files = []model.File{ | ||||||
|  | 				{ | ||||||
|  | 					ID:          "file-id-123", | ||||||
|  | 					Name:        "server.crt", | ||||||
|  | 					ContentPath: fmt.Sprintf("/v1/vaults/%s/items/%s/files/file-id-123/content", item.VaultID, item.ID), | ||||||
|  | 				}, | ||||||
|  | 			} | ||||||
|  | 			item.Files[0].SetContent(fileContent) | ||||||
|  | 
 | ||||||
|  | 			mockGetItemByIDFunc.Return(item, nil) | ||||||
|  | 			mockGetItemByIDFunc.On("GetFileContent", item.VaultID, item.ID, "file-id-123").Return(fileContent, nil) | ||||||
|  | 
 | ||||||
|  | 			By("Creating a new OnePasswordItem with file successfully") | ||||||
|  | 			Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) | ||||||
|  | 
 | ||||||
|  | 			createdSecret := &v1.Secret{} | ||||||
|  | 			Eventually(func() bool { | ||||||
|  | 				err := k8sClient.Get(ctx, key, createdSecret) | ||||||
|  | 				if err != nil { | ||||||
|  | 					return false | ||||||
|  | 				} | ||||||
|  | 				return true | ||||||
|  | 			}, timeout, interval).Should(BeTrue()) | ||||||
|  | 
 | ||||||
|  | 			Expect(createdSecret.Data).Should(HaveKeyWithValue("server.crt", fileContent)) | ||||||
|  | 		}) | ||||||
| 	}) | 	}) | ||||||
| 
 | 
 | ||||||
| 	Context("Unhappy path", func() { | 	Context("Unhappy path", func() { | ||||||
| @@ -1,7 +1,7 @@ | |||||||
| /* | /* | ||||||
| MIT License | MIT License | ||||||
| 
 | 
 | ||||||
| Copyright (c) 2020-2022 1Password | Copyright (c) 2020-2024 1Password | ||||||
| 
 | 
 | ||||||
| Permission is hereby granted, free of charge, to any person obtaining a copy | Permission is hereby granted, free of charge, to any person obtaining a copy | ||||||
| of this software and associated documentation files (the "Software"), to deal | of this software and associated documentation files (the "Software"), to deal | ||||||
| @@ -22,7 +22,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |||||||
| SOFTWARE. | SOFTWARE. | ||||||
| */ | */ | ||||||
| 
 | 
 | ||||||
| package controllers | package controller | ||||||
| 
 | 
 | ||||||
| import ( | import ( | ||||||
| 	"context" | 	"context" | ||||||
| @@ -31,10 +31,9 @@ import ( | |||||||
| 	"testing" | 	"testing" | ||||||
| 	"time" | 	"time" | ||||||
| 
 | 
 | ||||||
| 	"github.com/1Password/onepassword-operator/pkg/mocks" |  | ||||||
| 
 |  | ||||||
| 	. "github.com/onsi/ginkgo/v2" | 	. "github.com/onsi/ginkgo/v2" | ||||||
| 	. "github.com/onsi/gomega" | 	. "github.com/onsi/gomega" | ||||||
|  | 	"github.com/stretchr/testify/mock" | ||||||
| 
 | 
 | ||||||
| 	"k8s.io/client-go/kubernetes/scheme" | 	"k8s.io/client-go/kubernetes/scheme" | ||||||
| 	"k8s.io/client-go/rest" | 	"k8s.io/client-go/rest" | ||||||
| @@ -45,6 +44,8 @@ import ( | |||||||
| 	"sigs.k8s.io/controller-runtime/pkg/log/zap" | 	"sigs.k8s.io/controller-runtime/pkg/log/zap" | ||||||
| 
 | 
 | ||||||
| 	onepasswordcomv1 "github.com/1Password/onepassword-operator/api/v1" | 	onepasswordcomv1 "github.com/1Password/onepassword-operator/api/v1" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/mocks" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
| 	//+kubebuilder:scaffold:imports | 	//+kubebuilder:scaffold:imports | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| @@ -78,8 +79,11 @@ var ( | |||||||
| 	cancel                    context.CancelFunc | 	cancel                    context.CancelFunc | ||||||
| 	onePasswordItemReconciler *OnePasswordItemReconciler | 	onePasswordItemReconciler *OnePasswordItemReconciler | ||||||
| 	deploymentReconciler      *DeploymentReconciler | 	deploymentReconciler      *DeploymentReconciler | ||||||
|  | 	mockGetItemByIDFunc       *mock.Call | ||||||
| 
 | 
 | ||||||
| 	item1 = &TestItem{ | 	item1 = &TestItem{ | ||||||
|  | 		ItemID:  "nwrhuano7bcwddcviubpp4mhfq", | ||||||
|  | 		VaultID: "hfnjvi6aymbsnfc2xeeoheizda", | ||||||
| 		Name:    "test-item", | 		Name:    "test-item", | ||||||
| 		Version: 123, | 		Version: 123, | ||||||
| 		Path:    "vaults/hfnjvi6aymbsnfc2xeeoheizda/items/nwrhuano7bcwddcviubpp4mhfq", | 		Path:    "vaults/hfnjvi6aymbsnfc2xeeoheizda/items/nwrhuano7bcwddcviubpp4mhfq", | ||||||
| @@ -94,6 +98,8 @@ var ( | |||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	item2 = &TestItem{ | 	item2 = &TestItem{ | ||||||
|  | 		ItemID:  "nwrhuano7bcwddcviubpp4mhf2", | ||||||
|  | 		VaultID: "hfnjvi6aymbsnfc2xeeoheizd2", | ||||||
| 		Name:    "test-item2", | 		Name:    "test-item2", | ||||||
| 		Path:    "vaults/hfnjvi6aymbsnfc2xeeoheizd2/items/nwrhuano7bcwddcviubpp4mhf2", | 		Path:    "vaults/hfnjvi6aymbsnfc2xeeoheizd2/items/nwrhuano7bcwddcviubpp4mhf2", | ||||||
| 		Version: 456, | 		Version: 456, | ||||||
| @@ -109,6 +115,8 @@ var ( | |||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| type TestItem struct { | type TestItem struct { | ||||||
|  | 	ItemID     string | ||||||
|  | 	VaultID    string | ||||||
| 	Name       string | 	Name       string | ||||||
| 	Version    int | 	Version    int | ||||||
| 	Path       string | 	Path       string | ||||||
| @@ -116,6 +124,20 @@ type TestItem struct { | |||||||
| 	SecretData map[string][]byte | 	SecretData map[string][]byte | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | func (ti *TestItem) ToModel() *model.Item { | ||||||
|  | 	item := &model.Item{} | ||||||
|  | 	item.Version = ti.Version | ||||||
|  | 	item.VaultID = ti.VaultID | ||||||
|  | 	item.ID = ti.ItemID | ||||||
|  | 
 | ||||||
|  | 	item.Fields = []model.ItemField{} | ||||||
|  | 	for k, v := range ti.Data { | ||||||
|  | 		item.Fields = append(item.Fields, model.ItemField{Label: k, Value: v}) | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	return item | ||||||
|  | } | ||||||
|  | 
 | ||||||
| func TestAPIs(t *testing.T) { | func TestAPIs(t *testing.T) { | ||||||
| 	RegisterFailHandler(Fail) | 	RegisterFailHandler(Fail) | ||||||
| 
 | 
 | ||||||
| @@ -129,7 +151,7 @@ var _ = BeforeSuite(func() { | |||||||
| 
 | 
 | ||||||
| 	By("bootstrapping test environment") | 	By("bootstrapping test environment") | ||||||
| 	testEnv = &envtest.Environment{ | 	testEnv = &envtest.Environment{ | ||||||
| 		CRDDirectoryPaths:     []string{filepath.Join("..", "config", "crd", "bases")}, | 		CRDDirectoryPaths:     []string{filepath.Join("..", "..", "config", "crd", "bases")}, | ||||||
| 		ErrorIfCRDPathMissing: true, | 		ErrorIfCRDPathMissing: true, | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| @@ -153,12 +175,13 @@ var _ = BeforeSuite(func() { | |||||||
| 	}) | 	}) | ||||||
| 	Expect(err).ToNot(HaveOccurred()) | 	Expect(err).ToNot(HaveOccurred()) | ||||||
| 
 | 
 | ||||||
| 	opConnectClient := &mocks.TestClient{} | 	mockOpClient := &mocks.TestClient{} | ||||||
|  | 	mockGetItemByIDFunc = mockOpClient.On("GetItemByID", mock.Anything, mock.Anything) | ||||||
| 
 | 
 | ||||||
| 	onePasswordItemReconciler = &OnePasswordItemReconciler{ | 	onePasswordItemReconciler = &OnePasswordItemReconciler{ | ||||||
| 		Client:          k8sManager.GetClient(), | 		Client:   k8sManager.GetClient(), | ||||||
| 		Scheme:          k8sManager.GetScheme(), | 		Scheme:   k8sManager.GetScheme(), | ||||||
| 		OpConnectClient: opConnectClient, | 		OpClient: mockOpClient, | ||||||
| 	} | 	} | ||||||
| 	err = (onePasswordItemReconciler).SetupWithManager(k8sManager) | 	err = (onePasswordItemReconciler).SetupWithManager(k8sManager) | ||||||
| 	Expect(err).ToNot(HaveOccurred()) | 	Expect(err).ToNot(HaveOccurred()) | ||||||
| @@ -167,7 +190,7 @@ var _ = BeforeSuite(func() { | |||||||
| 	deploymentReconciler = &DeploymentReconciler{ | 	deploymentReconciler = &DeploymentReconciler{ | ||||||
| 		Client:             k8sManager.GetClient(), | 		Client:             k8sManager.GetClient(), | ||||||
| 		Scheme:             k8sManager.GetScheme(), | 		Scheme:             k8sManager.GetScheme(), | ||||||
| 		OpConnectClient:    opConnectClient, | 		OpClient:           mockOpClient, | ||||||
| 		OpAnnotationRegExp: r, | 		OpAnnotationRegExp: r, | ||||||
| 	} | 	} | ||||||
| 	err = (deploymentReconciler).SetupWithManager(k8sManager) | 	err = (deploymentReconciler).SetupWithManager(k8sManager) | ||||||
| @@ -2,17 +2,13 @@ package kubernetessecrets | |||||||
|  |  | ||||||
| import ( | import ( | ||||||
| 	"context" | 	"context" | ||||||
|  | 	errs "errors" | ||||||
| 	"fmt" | 	"fmt" | ||||||
|  | 	"reflect" | ||||||
| 	"regexp" | 	"regexp" | ||||||
| 	"strings" | 	"strings" | ||||||
|  |  | ||||||
| 	"reflect" | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
|  |  | ||||||
| 	errs "errors" |  | ||||||
|  |  | ||||||
| 	"github.com/1Password/connect-sdk-go/onepassword" |  | ||||||
|  |  | ||||||
| 	"github.com/1Password/onepassword-operator/pkg/utils" | 	"github.com/1Password/onepassword-operator/pkg/utils" | ||||||
| 	corev1 "k8s.io/api/core/v1" | 	corev1 "k8s.io/api/core/v1" | ||||||
| 	"k8s.io/apimachinery/pkg/api/errors" | 	"k8s.io/apimachinery/pkg/api/errors" | ||||||
| @@ -34,11 +30,11 @@ var ErrCannotUpdateSecretType = errs.New("Cannot change secret type. Secret type | |||||||
|  |  | ||||||
| var log = logf.Log | var log = logf.Log | ||||||
|  |  | ||||||
| func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretName, namespace string, item *onepassword.Item, autoRestart string, labels map[string]string, secretType string, ownerRef *metav1.OwnerReference) error { | func CreateKubernetesSecretFromItem(ctx context.Context, kubeClient kubernetesClient.Client, secretName, namespace string, item *model.Item, autoRestart string, labels map[string]string, secretType string, ownerRef *metav1.OwnerReference) error { | ||||||
| 	itemVersion := fmt.Sprint(item.Version) | 	itemVersion := fmt.Sprint(item.Version) | ||||||
| 	secretAnnotations := map[string]string{ | 	secretAnnotations := map[string]string{ | ||||||
| 		VersionAnnotation:  itemVersion, | 		VersionAnnotation:  itemVersion, | ||||||
| 		ItemPathAnnotation: fmt.Sprintf("vaults/%v/items/%v", item.Vault.ID, item.ID), | 		ItemPathAnnotation: fmt.Sprintf("vaults/%v/items/%v", item.VaultID, item.ID), | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	if autoRestart != "" { | 	if autoRestart != "" { | ||||||
| @@ -53,10 +49,10 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa | |||||||
| 	secret := BuildKubernetesSecretFromOnePasswordItem(secretName, namespace, secretAnnotations, labels, secretType, *item, ownerRef) | 	secret := BuildKubernetesSecretFromOnePasswordItem(secretName, namespace, secretAnnotations, labels, secretType, *item, ownerRef) | ||||||
|  |  | ||||||
| 	currentSecret := &corev1.Secret{} | 	currentSecret := &corev1.Secret{} | ||||||
| 	err := kubeClient.Get(context.Background(), types.NamespacedName{Name: secret.Name, Namespace: secret.Namespace}, currentSecret) | 	err := kubeClient.Get(ctx, types.NamespacedName{Name: secret.Name, Namespace: secret.Namespace}, currentSecret) | ||||||
| 	if err != nil && errors.IsNotFound(err) { | 	if err != nil && errors.IsNotFound(err) { | ||||||
| 		log.Info(fmt.Sprintf("Creating Secret %v at namespace '%v'", secret.Name, secret.Namespace)) | 		log.Info(fmt.Sprintf("Creating Secret %v at namespace '%v'", secret.Name, secret.Namespace)) | ||||||
| 		return kubeClient.Create(context.Background(), secret) | 		return kubeClient.Create(ctx, secret) | ||||||
| 	} else if err != nil { | 	} else if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
| @@ -82,7 +78,7 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa | |||||||
| 		currentSecret.ObjectMeta.Annotations = secretAnnotations | 		currentSecret.ObjectMeta.Annotations = secretAnnotations | ||||||
| 		currentSecret.ObjectMeta.Labels = labels | 		currentSecret.ObjectMeta.Labels = labels | ||||||
| 		currentSecret.Data = secret.Data | 		currentSecret.Data = secret.Data | ||||||
| 		if err := kubeClient.Update(context.Background(), currentSecret); err != nil { | 		if err := kubeClient.Update(ctx, currentSecret); err != nil { | ||||||
| 			return fmt.Errorf("Kubernetes secret update failed: %w", err) | 			return fmt.Errorf("Kubernetes secret update failed: %w", err) | ||||||
| 		} | 		} | ||||||
| 		return nil | 		return nil | ||||||
| @@ -92,7 +88,7 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa | |||||||
| 	return nil | 	return nil | ||||||
| } | } | ||||||
|  |  | ||||||
| func BuildKubernetesSecretFromOnePasswordItem(name, namespace string, annotations map[string]string, labels map[string]string, secretType string, item onepassword.Item, ownerRef *metav1.OwnerReference) *corev1.Secret { | func BuildKubernetesSecretFromOnePasswordItem(name, namespace string, annotations map[string]string, labels map[string]string, secretType string, item model.Item, ownerRef *metav1.OwnerReference) *corev1.Secret { | ||||||
| 	var ownerRefs []metav1.OwnerReference | 	var ownerRefs []metav1.OwnerReference | ||||||
| 	if ownerRef != nil { | 	if ownerRef != nil { | ||||||
| 		ownerRefs = []metav1.OwnerReference{*ownerRef} | 		ownerRefs = []metav1.OwnerReference{*ownerRef} | ||||||
| @@ -111,7 +107,7 @@ func BuildKubernetesSecretFromOnePasswordItem(name, namespace string, annotation | |||||||
| 	} | 	} | ||||||
| } | } | ||||||
|  |  | ||||||
| func BuildKubernetesSecretData(fields []*onepassword.ItemField, files []*onepassword.File) map[string][]byte { | func BuildKubernetesSecretData(fields []model.ItemField, files []model.File) map[string][]byte { | ||||||
| 	secretData := map[string][]byte{} | 	secretData := map[string][]byte{} | ||||||
| 	for i := 0; i < len(fields); i++ { | 	for i := 0; i < len(fields); i++ { | ||||||
| 		if fields[i].Value != "" { | 		if fields[i].Value != "" { | ||||||
| @@ -124,7 +120,7 @@ func BuildKubernetesSecretData(fields []*onepassword.ItemField, files []*onepass | |||||||
| 	for _, file := range files { | 	for _, file := range files { | ||||||
| 		content, err := file.Content() | 		content, err := file.Content() | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			log.Error(err, "Could not load contents of file %s", file.Name) | 			log.Error(err, fmt.Sprintf("Could not load contents of file %s", file.Name)) | ||||||
| 			continue | 			continue | ||||||
| 		} | 		} | ||||||
| 		if content != nil { | 		if content != nil { | ||||||
|   | |||||||
| @@ -3,11 +3,10 @@ package kubernetessecrets | |||||||
| import ( | import ( | ||||||
| 	"context" | 	"context" | ||||||
| 	"fmt" | 	"fmt" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
| 	"strings" | 	"strings" | ||||||
| 	"testing" | 	"testing" | ||||||
|  |  | ||||||
| 	"github.com/1Password/connect-sdk-go/onepassword" |  | ||||||
|  |  | ||||||
| 	corev1 "k8s.io/api/core/v1" | 	corev1 "k8s.io/api/core/v1" | ||||||
| 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||||||
| 	"k8s.io/apimachinery/pkg/types" | 	"k8s.io/apimachinery/pkg/types" | ||||||
| @@ -18,25 +17,26 @@ import ( | |||||||
| const restartDeploymentAnnotation = "false" | const restartDeploymentAnnotation = "false" | ||||||
|  |  | ||||||
| func TestCreateKubernetesSecretFromOnePasswordItem(t *testing.T) { | func TestCreateKubernetesSecretFromOnePasswordItem(t *testing.T) { | ||||||
|  | 	ctx := context.Background() | ||||||
| 	secretName := "test-secret-name" | 	secretName := "test-secret-name" | ||||||
| 	namespace := "test" | 	namespace := "test" | ||||||
|  |  | ||||||
| 	item := onepassword.Item{} | 	item := model.Item{} | ||||||
| 	item.Fields = generateFields(5) | 	item.Fields = generateFields(5) | ||||||
| 	item.Version = 123 | 	item.Version = 123 | ||||||
| 	item.Vault.ID = "hfnjvi6aymbsnfc2xeeoheizda" | 	item.VaultID = "hfnjvi6aymbsnfc2xeeoheizda" | ||||||
| 	item.ID = "h46bb3jddvay7nxopfhvlwg35q" | 	item.ID = "h46bb3jddvay7nxopfhvlwg35q" | ||||||
|  |  | ||||||
| 	kubeClient := fake.NewClientBuilder().Build() | 	kubeClient := fake.NewClientBuilder().Build() | ||||||
| 	secretLabels := map[string]string{} | 	secretLabels := map[string]string{} | ||||||
| 	secretType := "" | 	secretType := "" | ||||||
|  |  | ||||||
| 	err := CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &item, restartDeploymentAnnotation, secretLabels, secretType, nil) | 	err := CreateKubernetesSecretFromItem(ctx, kubeClient, secretName, namespace, &item, restartDeploymentAnnotation, secretLabels, secretType, nil) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Unexpected error: %v", err) | 		t.Errorf("Unexpected error: %v", err) | ||||||
| 	} | 	} | ||||||
| 	createdSecret := &corev1.Secret{} | 	createdSecret := &corev1.Secret{} | ||||||
| 	err = kubeClient.Get(context.Background(), types.NamespacedName{Name: secretName, Namespace: namespace}, createdSecret) | 	err = kubeClient.Get(ctx, types.NamespacedName{Name: secretName, Namespace: namespace}, createdSecret) | ||||||
|  |  | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Secret was not created: %v", err) | 		t.Errorf("Secret was not created: %v", err) | ||||||
| @@ -46,13 +46,14 @@ func TestCreateKubernetesSecretFromOnePasswordItem(t *testing.T) { | |||||||
| } | } | ||||||
|  |  | ||||||
| func TestKubernetesSecretFromOnePasswordItemOwnerReferences(t *testing.T) { | func TestKubernetesSecretFromOnePasswordItemOwnerReferences(t *testing.T) { | ||||||
|  | 	ctx := context.Background() | ||||||
| 	secretName := "test-secret-name" | 	secretName := "test-secret-name" | ||||||
| 	namespace := "test" | 	namespace := "test" | ||||||
|  |  | ||||||
| 	item := onepassword.Item{} | 	item := model.Item{} | ||||||
| 	item.Fields = generateFields(5) | 	item.Fields = generateFields(5) | ||||||
| 	item.Version = 123 | 	item.Version = 123 | ||||||
| 	item.Vault.ID = "hfnjvi6aymbsnfc2xeeoheizda" | 	item.VaultID = "hfnjvi6aymbsnfc2xeeoheizda" | ||||||
| 	item.ID = "h46bb3jddvay7nxopfhvlwg35q" | 	item.ID = "h46bb3jddvay7nxopfhvlwg35q" | ||||||
|  |  | ||||||
| 	kubeClient := fake.NewClientBuilder().Build() | 	kubeClient := fake.NewClientBuilder().Build() | ||||||
| @@ -65,12 +66,12 @@ func TestKubernetesSecretFromOnePasswordItemOwnerReferences(t *testing.T) { | |||||||
| 		Name:       "test-deployment", | 		Name:       "test-deployment", | ||||||
| 		UID:        types.UID("test-uid"), | 		UID:        types.UID("test-uid"), | ||||||
| 	} | 	} | ||||||
| 	err := CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &item, restartDeploymentAnnotation, secretLabels, secretType, ownerRef) | 	err := CreateKubernetesSecretFromItem(ctx, kubeClient, secretName, namespace, &item, restartDeploymentAnnotation, secretLabels, secretType, ownerRef) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Unexpected error: %v", err) | 		t.Errorf("Unexpected error: %v", err) | ||||||
| 	} | 	} | ||||||
| 	createdSecret := &corev1.Secret{} | 	createdSecret := &corev1.Secret{} | ||||||
| 	err = kubeClient.Get(context.Background(), types.NamespacedName{Name: secretName, Namespace: namespace}, createdSecret) | 	err = kubeClient.Get(ctx, types.NamespacedName{Name: secretName, Namespace: namespace}, createdSecret) | ||||||
|  |  | ||||||
| 	// Check owner references. | 	// Check owner references. | ||||||
| 	gotOwnerRefs := createdSecret.ObjectMeta.OwnerReferences | 	gotOwnerRefs := createdSecret.ObjectMeta.OwnerReferences | ||||||
| @@ -91,37 +92,38 @@ func TestKubernetesSecretFromOnePasswordItemOwnerReferences(t *testing.T) { | |||||||
| } | } | ||||||
|  |  | ||||||
| func TestUpdateKubernetesSecretFromOnePasswordItem(t *testing.T) { | func TestUpdateKubernetesSecretFromOnePasswordItem(t *testing.T) { | ||||||
|  | 	ctx := context.Background() | ||||||
| 	secretName := "test-secret-update" | 	secretName := "test-secret-update" | ||||||
| 	namespace := "test" | 	namespace := "test" | ||||||
|  |  | ||||||
| 	item := onepassword.Item{} | 	item := model.Item{} | ||||||
| 	item.Fields = generateFields(5) | 	item.Fields = generateFields(5) | ||||||
| 	item.Version = 123 | 	item.Version = 123 | ||||||
| 	item.Vault.ID = "hfnjvi6aymbsnfc2xeeoheizda" | 	item.VaultID = "hfnjvi6aymbsnfc2xeeoheizda" | ||||||
| 	item.ID = "h46bb3jddvay7nxopfhvlwg35q" | 	item.ID = "h46bb3jddvay7nxopfhvlwg35q" | ||||||
|  |  | ||||||
| 	kubeClient := fake.NewClientBuilder().Build() | 	kubeClient := fake.NewClientBuilder().Build() | ||||||
| 	secretLabels := map[string]string{} | 	secretLabels := map[string]string{} | ||||||
| 	secretType := "" | 	secretType := "" | ||||||
|  |  | ||||||
| 	err := CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &item, restartDeploymentAnnotation, secretLabels, secretType, nil) | 	err := CreateKubernetesSecretFromItem(ctx, kubeClient, secretName, namespace, &item, restartDeploymentAnnotation, secretLabels, secretType, nil) | ||||||
|  |  | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Unexpected error: %v", err) | 		t.Errorf("Unexpected error: %v", err) | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	// Updating kubernetes secret with new item | 	// Updating kubernetes secret with new item | ||||||
| 	newItem := onepassword.Item{} | 	newItem := model.Item{} | ||||||
| 	newItem.Fields = generateFields(6) | 	newItem.Fields = generateFields(6) | ||||||
| 	newItem.Version = 456 | 	newItem.Version = 456 | ||||||
| 	newItem.Vault.ID = "hfnjvi6aymbsnfc2xeeoheizda" | 	newItem.VaultID = "hfnjvi6aymbsnfc2xeeoheizda" | ||||||
| 	newItem.ID = "h46bb3jddvay7nxopfhvlwg35q" | 	newItem.ID = "h46bb3jddvay7nxopfhvlwg35q" | ||||||
| 	err = CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &newItem, restartDeploymentAnnotation, secretLabels, secretType, nil) | 	err = CreateKubernetesSecretFromItem(ctx, kubeClient, secretName, namespace, &newItem, restartDeploymentAnnotation, secretLabels, secretType, nil) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Unexpected error: %v", err) | 		t.Errorf("Unexpected error: %v", err) | ||||||
| 	} | 	} | ||||||
| 	updatedSecret := &corev1.Secret{} | 	updatedSecret := &corev1.Secret{} | ||||||
| 	err = kubeClient.Get(context.Background(), types.NamespacedName{Name: secretName, Namespace: namespace}, updatedSecret) | 	err = kubeClient.Get(ctx, types.NamespacedName{Name: secretName, Namespace: namespace}, updatedSecret) | ||||||
|  |  | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Secret was not found: %v", err) | 		t.Errorf("Secret was not found: %v", err) | ||||||
| @@ -147,7 +149,7 @@ func TestBuildKubernetesSecretFromOnePasswordItem(t *testing.T) { | |||||||
| 	annotations := map[string]string{ | 	annotations := map[string]string{ | ||||||
| 		annotationKey: annotationValue, | 		annotationKey: annotationValue, | ||||||
| 	} | 	} | ||||||
| 	item := onepassword.Item{} | 	item := model.Item{} | ||||||
| 	item.Fields = generateFields(5) | 	item.Fields = generateFields(5) | ||||||
| 	labels := map[string]string{} | 	labels := map[string]string{} | ||||||
| 	secretType := "" | 	secretType := "" | ||||||
| @@ -173,10 +175,10 @@ func TestBuildKubernetesSecretFixesInvalidLabels(t *testing.T) { | |||||||
| 		"annotationKey": "annotationValue", | 		"annotationKey": "annotationValue", | ||||||
| 	} | 	} | ||||||
| 	labels := map[string]string{} | 	labels := map[string]string{} | ||||||
| 	item := onepassword.Item{} | 	item := model.Item{} | ||||||
| 	secretType := "" | 	secretType := "" | ||||||
|  |  | ||||||
| 	item.Fields = []*onepassword.ItemField{ | 	item.Fields = []model.ItemField{ | ||||||
| 		{ | 		{ | ||||||
| 			Label: "label w%th invalid ch!rs-", | 			Label: "label w%th invalid ch!rs-", | ||||||
| 			Value: "value1", | 			Value: "value1", | ||||||
| @@ -206,25 +208,26 @@ func TestBuildKubernetesSecretFixesInvalidLabels(t *testing.T) { | |||||||
| } | } | ||||||
|  |  | ||||||
| func TestCreateKubernetesTLSSecretFromOnePasswordItem(t *testing.T) { | func TestCreateKubernetesTLSSecretFromOnePasswordItem(t *testing.T) { | ||||||
|  | 	ctx := context.Background() | ||||||
| 	secretName := "tls-test-secret-name" | 	secretName := "tls-test-secret-name" | ||||||
| 	namespace := "test" | 	namespace := "test" | ||||||
|  |  | ||||||
| 	item := onepassword.Item{} | 	item := model.Item{} | ||||||
| 	item.Fields = generateFields(5) | 	item.Fields = generateFields(5) | ||||||
| 	item.Version = 123 | 	item.Version = 123 | ||||||
| 	item.Vault.ID = "hfnjvi6aymbsnfc2xeeoheizda" | 	item.VaultID = "hfnjvi6aymbsnfc2xeeoheizda" | ||||||
| 	item.ID = "h46bb3jddvay7nxopfhvlwg35q" | 	item.ID = "h46bb3jddvay7nxopfhvlwg35q" | ||||||
|  |  | ||||||
| 	kubeClient := fake.NewClientBuilder().Build() | 	kubeClient := fake.NewClientBuilder().Build() | ||||||
| 	secretLabels := map[string]string{} | 	secretLabels := map[string]string{} | ||||||
| 	secretType := "kubernetes.io/tls" | 	secretType := "kubernetes.io/tls" | ||||||
|  |  | ||||||
| 	err := CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &item, restartDeploymentAnnotation, secretLabels, secretType, nil) | 	err := CreateKubernetesSecretFromItem(ctx, kubeClient, secretName, namespace, &item, restartDeploymentAnnotation, secretLabels, secretType, nil) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Unexpected error: %v", err) | 		t.Errorf("Unexpected error: %v", err) | ||||||
| 	} | 	} | ||||||
| 	createdSecret := &corev1.Secret{} | 	createdSecret := &corev1.Secret{} | ||||||
| 	err = kubeClient.Get(context.Background(), types.NamespacedName{Name: secretName, Namespace: namespace}, createdSecret) | 	err = kubeClient.Get(ctx, types.NamespacedName{Name: secretName, Namespace: namespace}, createdSecret) | ||||||
|  |  | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Secret was not created: %v", err) | 		t.Errorf("Secret was not created: %v", err) | ||||||
| @@ -235,13 +238,13 @@ func TestCreateKubernetesTLSSecretFromOnePasswordItem(t *testing.T) { | |||||||
| 	} | 	} | ||||||
| } | } | ||||||
|  |  | ||||||
| func compareAnnotationsToItem(annotations map[string]string, item onepassword.Item, t *testing.T) { | func compareAnnotationsToItem(annotations map[string]string, item model.Item, t *testing.T) { | ||||||
| 	actualVaultId, actualItemId, err := ParseVaultIdAndItemIdFromPath(annotations[ItemPathAnnotation]) | 	actualVaultId, actualItemId, err := ParseVaultIdAndItemIdFromPath(annotations[ItemPathAnnotation]) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Was unable to parse Item Path") | 		t.Errorf("Was unable to parse Item Path") | ||||||
| 	} | 	} | ||||||
| 	if actualVaultId != item.Vault.ID { | 	if actualVaultId != item.VaultID { | ||||||
| 		t.Errorf("Expected annotation vault id to be %v but was %v", item.Vault.ID, actualVaultId) | 		t.Errorf("Expected annotation vault id to be %v but was %v", item.VaultID, actualVaultId) | ||||||
| 	} | 	} | ||||||
| 	if actualItemId != item.ID { | 	if actualItemId != item.ID { | ||||||
| 		t.Errorf("Expected annotation item id to be %v but was %v", item.ID, actualItemId) | 		t.Errorf("Expected annotation item id to be %v but was %v", item.ID, actualItemId) | ||||||
| @@ -255,7 +258,7 @@ func compareAnnotationsToItem(annotations map[string]string, item onepassword.It | |||||||
| 	} | 	} | ||||||
| } | } | ||||||
|  |  | ||||||
| func compareFields(actualFields []*onepassword.ItemField, secretData map[string][]byte, t *testing.T) { | func compareFields(actualFields []model.ItemField, secretData map[string][]byte, t *testing.T) { | ||||||
| 	for i := 0; i < len(actualFields); i++ { | 	for i := 0; i < len(actualFields); i++ { | ||||||
| 		value, found := secretData[actualFields[i].Label] | 		value, found := secretData[actualFields[i].Label] | ||||||
| 		if !found { | 		if !found { | ||||||
| @@ -267,14 +270,13 @@ func compareFields(actualFields []*onepassword.ItemField, secretData map[string] | |||||||
| 	} | 	} | ||||||
| } | } | ||||||
|  |  | ||||||
| func generateFields(numToGenerate int) []*onepassword.ItemField { | func generateFields(numToGenerate int) []model.ItemField { | ||||||
| 	fields := []*onepassword.ItemField{} | 	fields := []model.ItemField{} | ||||||
| 	for i := 0; i < numToGenerate; i++ { | 	for i := 0; i < numToGenerate; i++ { | ||||||
| 		field := onepassword.ItemField{ | 		fields = append(fields, model.ItemField{ | ||||||
| 			Label: "key" + fmt.Sprint(i), | 			Label: "key" + fmt.Sprint(i), | ||||||
| 			Value: "value" + fmt.Sprint(i), | 			Value: "value" + fmt.Sprint(i), | ||||||
| 		} | 		}) | ||||||
| 		fields = append(fields, &field) |  | ||||||
| 	} | 	} | ||||||
| 	return fields | 	return fields | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										11
									
								
								pkg/logs/log_levels.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										11
									
								
								pkg/logs/log_levels.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,11 @@ | |||||||
|  | package logs | ||||||
|  |  | ||||||
|  | // A Level is a logging priority. Lower levels are more important. | ||||||
|  | // All levels have been multipled by -1 to ensure compatibilty | ||||||
|  | // between zapcore and logr | ||||||
|  | const ( | ||||||
|  | 	ErrorLevel = -2 | ||||||
|  | 	WarnLevel  = -1 | ||||||
|  | 	InfoLevel  = 0 | ||||||
|  | 	DebugLevel = 1 | ||||||
|  | ) | ||||||
| @@ -1,151 +1,38 @@ | |||||||
| package mocks | package mocks | ||||||
|  |  | ||||||
| import ( | import ( | ||||||
| 	"github.com/1Password/connect-sdk-go/onepassword" | 	"context" | ||||||
|  | 	"github.com/stretchr/testify/mock" | ||||||
|  |  | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
| ) | ) | ||||||
|  |  | ||||||
| type TestClient struct { | type TestClient struct { | ||||||
| 	GetVaultsFunc                 func() ([]onepassword.Vault, error) | 	mock.Mock | ||||||
| 	GetVaultsByTitleFunc          func(title string) ([]onepassword.Vault, error) |  | ||||||
| 	GetVaultFunc                  func(uuid string) (*onepassword.Vault, error) |  | ||||||
| 	GetVaultByUUIDFunc            func(uuid string) (*onepassword.Vault, error) |  | ||||||
| 	GetVaultByTitleFunc           func(title string) (*onepassword.Vault, error) |  | ||||||
| 	GetItemFunc                   func(itemQuery string, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	GetItemByUUIDFunc             func(uuid string, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	GetItemByTitleFunc            func(title string, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	GetItemsFunc                  func(vaultQuery string) ([]onepassword.Item, error) |  | ||||||
| 	GetItemsByTitleFunc           func(title string, vaultQuery string) ([]onepassword.Item, error) |  | ||||||
| 	CreateItemFunc                func(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	UpdateItemFunc                func(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	DeleteItemFunc                func(item *onepassword.Item, vaultQuery string) error |  | ||||||
| 	DeleteItemByIDFunc            func(itemUUID string, vaultQuery string) error |  | ||||||
| 	DeleteItemByTitleFunc         func(title string, vaultQuery string) error |  | ||||||
| 	GetFilesFunc                  func(itemQuery string, vaultQuery string) ([]onepassword.File, error) |  | ||||||
| 	GetFileFunc                   func(uuid string, itemQuery string, vaultQuery string) (*onepassword.File, error) |  | ||||||
| 	GetFileContentFunc            func(file *onepassword.File) ([]byte, error) |  | ||||||
| 	DownloadFileFunc              func(file *onepassword.File, targetDirectory string, overwrite bool) (string, error) |  | ||||||
| 	LoadStructFromItemByUUIDFunc  func(config interface{}, itemUUID string, vaultQuery string) error |  | ||||||
| 	LoadStructFromItemByTitleFunc func(config interface{}, itemTitle string, vaultQuery string) error |  | ||||||
| 	LoadStructFromItemFunc        func(config interface{}, itemQuery string, vaultQuery string) error |  | ||||||
| 	LoadStructFunc                func(config interface{}) error |  | ||||||
| } | } | ||||||
|  |  | ||||||
| var ( | func (tc *TestClient) GetItemByID(ctx context.Context, vaultID, itemID string) (*model.Item, error) { | ||||||
| 	DoGetVaultsFunc                 func() ([]onepassword.Vault, error) | 	args := tc.Called(vaultID, itemID) | ||||||
| 	DoGetVaultsByTitleFunc          func(title string) ([]onepassword.Vault, error) | 	if args.Get(0) == nil { | ||||||
| 	DoGetVaultFunc                  func(uuid string) (*onepassword.Vault, error) | 		return nil, args.Error(1) | ||||||
| 	DoGetVaultByUUIDFunc            func(uuid string) (*onepassword.Vault, error) | 	} | ||||||
| 	DoGetVaultByTitleFunc           func(title string) (*onepassword.Vault, error) | 	return args.Get(0).(*model.Item), args.Error(1) | ||||||
| 	DoGetItemFunc                   func(itemQuery string, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	DoGetItemByUUIDFunc             func(uuid string, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	DoGetItemByTitleFunc            func(title string, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	DoGetItemsFunc                  func(vaultQuery string) ([]onepassword.Item, error) |  | ||||||
| 	DoGetItemsByTitleFunc           func(title string, vaultQuery string) ([]onepassword.Item, error) |  | ||||||
| 	DoCreateItemFunc                func(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	DoUpdateItemFunc                func(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	DoDeleteItemFunc                func(item *onepassword.Item, vaultQuery string) error |  | ||||||
| 	DoDeleteItemByIDFunc            func(itemUUID string, vaultQuery string) error |  | ||||||
| 	DoDeleteItemByTitleFunc         func(title string, vaultQuery string) error |  | ||||||
| 	DoGetFilesFunc                  func(itemQuery string, vaultQuery string) ([]onepassword.File, error) |  | ||||||
| 	DoGetFileFunc                   func(uuid string, itemQuery string, vaultQuery string) (*onepassword.File, error) |  | ||||||
| 	DoGetFileContentFunc            func(file *onepassword.File) ([]byte, error) |  | ||||||
| 	DoDownloadFileFunc              func(file *onepassword.File, targetDirectory string, overwrite bool) (string, error) |  | ||||||
| 	DoLoadStructFromItemByUUIDFunc  func(config interface{}, itemUUID string, vaultQuery string) error |  | ||||||
| 	DoLoadStructFromItemByTitleFunc func(config interface{}, itemTitle string, vaultQuery string) error |  | ||||||
| 	DoLoadStructFromItemFunc        func(config interface{}, itemQuery string, vaultQuery string) error |  | ||||||
| 	DoLoadStructFunc                func(config interface{}) error |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // Do is the mock client's `Do` func |  | ||||||
|  |  | ||||||
| func (m *TestClient) GetVaults() ([]onepassword.Vault, error) { |  | ||||||
| 	return DoGetVaultsFunc() |  | ||||||
| } | } | ||||||
|  |  | ||||||
| func (m *TestClient) GetVaultsByTitle(title string) ([]onepassword.Vault, error) { | func (tc *TestClient) GetItemsByTitle(ctx context.Context, vaultID, itemTitle string) ([]model.Item, error) { | ||||||
| 	return DoGetVaultsByTitleFunc(title) | 	args := tc.Called(vaultID, itemTitle) | ||||||
|  | 	return args.Get(0).([]model.Item), args.Error(1) | ||||||
| } | } | ||||||
|  |  | ||||||
| func (m *TestClient) GetVault(vaultQuery string) (*onepassword.Vault, error) { | func (tc *TestClient) GetFileContent(ctx context.Context, vaultID, itemID, fileID string) ([]byte, error) { | ||||||
| 	return DoGetVaultFunc(vaultQuery) | 	args := tc.Called(vaultID, itemID, fileID) | ||||||
|  | 	if args.Get(0) == nil { | ||||||
|  | 		return nil, args.Error(1) | ||||||
|  | 	} | ||||||
|  | 	return args.Get(0).([]byte), args.Error(1) | ||||||
| } | } | ||||||
|  |  | ||||||
| func (m *TestClient) GetVaultByUUID(uuid string) (*onepassword.Vault, error) { | func (tc *TestClient) GetVaultsByTitle(ctx context.Context, title string) ([]model.Vault, error) { | ||||||
| 	return DoGetVaultByUUIDFunc(uuid) | 	args := tc.Called(title) | ||||||
| } | 	return args.Get(0).([]model.Vault), args.Error(1) | ||||||
|  |  | ||||||
| func (m *TestClient) GetVaultByTitle(title string) (*onepassword.Vault, error) { |  | ||||||
| 	return DoGetVaultByTitleFunc(title) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) GetItem(itemQuery string, vaultQuery string) (*onepassword.Item, error) { |  | ||||||
| 	return DoGetItemFunc(itemQuery, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) GetItemByUUID(uuid string, vaultQuery string) (*onepassword.Item, error) { |  | ||||||
| 	return DoGetItemByUUIDFunc(uuid, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) GetItemByTitle(title string, vaultQuery string) (*onepassword.Item, error) { |  | ||||||
| 	return DoGetItemByTitleFunc(title, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) GetItems(vaultQuery string) ([]onepassword.Item, error) { |  | ||||||
| 	return DoGetItemsFunc(vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) GetItemsByTitle(title string, vaultQuery string) ([]onepassword.Item, error) { |  | ||||||
| 	return DoGetItemsByTitleFunc(title, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) CreateItem(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) { |  | ||||||
| 	return DoCreateItemFunc(item, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) UpdateItem(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) { |  | ||||||
| 	return DoUpdateItemFunc(item, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) DeleteItem(item *onepassword.Item, vaultQuery string) error { |  | ||||||
| 	return DoDeleteItemFunc(item, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) DeleteItemByID(itemUUID string, vaultQuery string) error { |  | ||||||
| 	return DoDeleteItemByIDFunc(itemUUID, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) DeleteItemByTitle(title string, vaultQuery string) error { |  | ||||||
| 	return DoDeleteItemByTitleFunc(title, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) GetFiles(itemQuery string, vaultQuery string) ([]onepassword.File, error) { |  | ||||||
| 	return DoGetFilesFunc(itemQuery, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) GetFile(uuid string, itemQuery string, vaultQuery string) (*onepassword.File, error) { |  | ||||||
| 	return DoGetFileFunc(uuid, itemQuery, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) GetFileContent(file *onepassword.File) ([]byte, error) { |  | ||||||
| 	return DoGetFileContentFunc(file) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) DownloadFile(file *onepassword.File, targetDirectory string, overwrite bool) (string, error) { |  | ||||||
| 	return DoDownloadFileFunc(file, targetDirectory, overwrite) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) LoadStructFromItemByUUID(config interface{}, itemUUID string, vaultQuery string) error { |  | ||||||
| 	return DoLoadStructFromItemByUUIDFunc(config, itemUUID, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) LoadStructFromItemByTitle(config interface{}, itemTitle string, vaultQuery string) error { |  | ||||||
| 	return DoLoadStructFromItemByTitleFunc(config, itemTitle, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) LoadStructFromItem(config interface{}, itemQuery string, vaultQuery string) error { |  | ||||||
| 	return DoLoadStructFromItemFunc(config, itemQuery, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (m *TestClient) LoadStruct(config interface{}) error { |  | ||||||
| 	return DoLoadStructFunc(config) |  | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										56
									
								
								pkg/onepassword/client/client.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										56
									
								
								pkg/onepassword/client/client.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,56 @@ | |||||||
|  | package client | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"context" | ||||||
|  | 	"errors" | ||||||
|  | 	"os" | ||||||
|  |  | ||||||
|  | 	"github.com/go-logr/logr" | ||||||
|  |  | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/client/connect" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/client/sdk" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | // Client is an interface for interacting with 1Password items and vaults. | ||||||
|  | type Client interface { | ||||||
|  | 	GetItemByID(ctx context.Context, vaultID, itemID string) (*model.Item, error) | ||||||
|  | 	GetItemsByTitle(ctx context.Context, vaultID, itemTitle string) ([]model.Item, error) | ||||||
|  | 	GetFileContent(ctx context.Context, vaultID, itemID, fileID string) ([]byte, error) | ||||||
|  | 	GetVaultsByTitle(ctx context.Context, title string) ([]model.Vault, error) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | type Config struct { | ||||||
|  | 	Logger  logr.Logger | ||||||
|  | 	Version string | ||||||
|  | } | ||||||
|  |  | ||||||
|  | // NewFromEnvironment creates a new 1Password client based on the provided configuration. | ||||||
|  | func NewFromEnvironment(ctx context.Context, cfg Config) (Client, error) { | ||||||
|  | 	connectHost, _ := os.LookupEnv("OP_CONNECT_HOST") | ||||||
|  | 	connectToken, _ := os.LookupEnv("OP_CONNECT_TOKEN") | ||||||
|  | 	serviceAccountToken, _ := os.LookupEnv("OP_SERVICE_ACCOUNT_TOKEN") | ||||||
|  |  | ||||||
|  | 	if connectHost != "" && connectToken != "" && serviceAccountToken != "" { | ||||||
|  | 		return nil, errors.New("invalid configuration. Either Connect or Service Account credentials should be set, not both") | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	if serviceAccountToken != "" { | ||||||
|  | 		cfg.Logger.Info("Using Service Account Token") | ||||||
|  | 		return sdk.NewClient(ctx, sdk.Config{ | ||||||
|  | 			ServiceAccountToken: serviceAccountToken, | ||||||
|  | 			IntegrationName:     "1password-operator", | ||||||
|  | 			IntegrationVersion:  cfg.Version, | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	if connectHost != "" && connectToken != "" { | ||||||
|  | 		cfg.Logger.Info("Using 1Password Connect") | ||||||
|  | 		return connect.NewClient(connect.Config{ | ||||||
|  | 			ConnectHost:  connectHost, | ||||||
|  | 			ConnectToken: connectToken, | ||||||
|  | 		}), nil | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return nil, errors.New("invalid configuration. Connect or Service Account credentials should be set") | ||||||
|  | } | ||||||
							
								
								
									
										103
									
								
								pkg/onepassword/client/connect/connect.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										103
									
								
								pkg/onepassword/client/connect/connect.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,103 @@ | |||||||
|  | package connect | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"context" | ||||||
|  | 	"errors" | ||||||
|  | 	"fmt" | ||||||
|  | 	"time" | ||||||
|  |  | ||||||
|  | 	"github.com/1Password/connect-sdk-go/connect" | ||||||
|  | 	"github.com/1Password/connect-sdk-go/onepassword" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | // Config holds the configuration for the Connect client. | ||||||
|  | type Config struct { | ||||||
|  | 	ConnectHost  string | ||||||
|  | 	ConnectToken string | ||||||
|  | } | ||||||
|  |  | ||||||
|  | // Connect is a client for interacting with 1Password using the Connect API. | ||||||
|  | type Connect struct { | ||||||
|  | 	client connect.Client | ||||||
|  | } | ||||||
|  |  | ||||||
|  | // NewClient creates a new Connect client using provided configuration. | ||||||
|  | func NewClient(config Config) *Connect { | ||||||
|  | 	return &Connect{ | ||||||
|  | 		client: connect.NewClient(config.ConnectHost, config.ConnectToken), | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *Connect) GetItemByID(ctx context.Context, vaultID, itemID string) (*model.Item, error) { | ||||||
|  | 	connectItem, err := c.client.GetItemByUUID(itemID, vaultID) | ||||||
|  | 	if err != nil { | ||||||
|  | 		return nil, fmt.Errorf("failed to GetItemByID using 1Password Connect: %w", err) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	var item model.Item | ||||||
|  | 	item.FromConnectItem(connectItem) | ||||||
|  | 	return &item, nil | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *Connect) GetItemsByTitle(ctx context.Context, vaultID, itemTitle string) ([]model.Item, error) { | ||||||
|  | 	// Get all items in the vault with the specified title | ||||||
|  | 	connectItems, err := c.client.GetItemsByTitle(itemTitle, vaultID) | ||||||
|  | 	if err != nil { | ||||||
|  | 		return nil, fmt.Errorf("failed to GetItemsByTitle using 1Password Connect: %w", err) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	items := make([]model.Item, len(connectItems)) | ||||||
|  | 	for i, connectItem := range connectItems { | ||||||
|  | 		var item model.Item | ||||||
|  | 		item.FromConnectItem(&connectItem) | ||||||
|  | 		items[i] = item | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return items, nil | ||||||
|  | } | ||||||
|  |  | ||||||
|  | // GetFileContent retrieves the content of a file from a 1Password item. | ||||||
|  | // As the Connect has a delay when synchronizing files and returns a 500 error in this case, this function implements a retry mechanism. | ||||||
|  | func (c *Connect) GetFileContent(ctx context.Context, vaultID, itemID, fileID string) ([]byte, error) { | ||||||
|  | 	const maxRetries = 5 | ||||||
|  | 	const delay = 1 * time.Second | ||||||
|  |  | ||||||
|  | 	var lastErr error | ||||||
|  | 	for i := 0; i < maxRetries; i++ { | ||||||
|  | 		bytes, err := c.client.GetFileContent(&onepassword.File{ | ||||||
|  | 			ContentPath: fmt.Sprintf("/v1/vaults/%s/items/%s/files/%s/content", vaultID, itemID, fileID), | ||||||
|  | 		}) | ||||||
|  | 		if err == nil { | ||||||
|  | 			return bytes, nil | ||||||
|  | 		} | ||||||
|  |  | ||||||
|  | 		var connectErr *onepassword.Error | ||||||
|  | 		if errors.As(err, &connectErr) && connectErr.StatusCode == 500 { | ||||||
|  | 			lastErr = err | ||||||
|  | 			time.Sleep(delay) | ||||||
|  | 			continue | ||||||
|  | 		} | ||||||
|  |  | ||||||
|  | 		return nil, fmt.Errorf("failed to GetFileContent using 1Password Connect: %w", err) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return nil, fmt.Errorf("failed to GetFileContent using 1Password Connect after %d retries: %w", maxRetries, lastErr) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *Connect) GetVaultsByTitle(ctx context.Context, vaultQuery string) ([]model.Vault, error) { | ||||||
|  | 	connectVaults, err := c.client.GetVaultsByTitle(vaultQuery) | ||||||
|  | 	if err != nil { | ||||||
|  | 		return nil, fmt.Errorf("failed to GetVaultsByTitle using 1Password Connect: %w", err) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	var vaults []model.Vault | ||||||
|  | 	for _, connectVault := range connectVaults { | ||||||
|  | 		if vaultQuery == connectVault.Name { | ||||||
|  | 			var vault model.Vault | ||||||
|  | 			vault.FromConnectVault(&connectVault) | ||||||
|  | 			vaults = append(vaults, vault) | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
|  | 	return vaults, nil | ||||||
|  | } | ||||||
							
								
								
									
										241
									
								
								pkg/onepassword/client/connect/connect_test.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										241
									
								
								pkg/onepassword/client/connect/connect_test.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,241 @@ | |||||||
|  | package connect | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"context" | ||||||
|  | 	"errors" | ||||||
|  | 	"testing" | ||||||
|  | 	"time" | ||||||
|  |  | ||||||
|  | 	"github.com/stretchr/testify/require" | ||||||
|  |  | ||||||
|  | 	"github.com/1Password/connect-sdk-go/onepassword" | ||||||
|  | 	clienttesting "github.com/1Password/onepassword-operator/pkg/onepassword/client/testing" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/client/testing/mock" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | const VaultTitleEmployee = "Employee" | ||||||
|  |  | ||||||
|  | func TestConnect_GetItemByID(t *testing.T) { | ||||||
|  | 	connectItem := clienttesting.CreateConnectItem() | ||||||
|  |  | ||||||
|  | 	testCases := map[string]struct { | ||||||
|  | 		mockClient func() *mock.ConnectClientMock | ||||||
|  | 		check      func(t *testing.T, item *model.Item, err error) | ||||||
|  | 	}{ | ||||||
|  | 		"should return an item": { | ||||||
|  | 			mockClient: func() *mock.ConnectClientMock { | ||||||
|  | 				mockConnectClient := &mock.ConnectClientMock{} | ||||||
|  | 				mockConnectClient.On("GetItemByUUID", "item-id", "vault-id").Return(connectItem, nil) | ||||||
|  | 				return mockConnectClient | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, item *model.Item, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				clienttesting.CheckConnectItemMapping(t, connectItem, item) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return an error": { | ||||||
|  | 			mockClient: func() *mock.ConnectClientMock { | ||||||
|  | 				mockConnectClient := &mock.ConnectClientMock{} | ||||||
|  | 				mockConnectClient.On("GetItemByUUID", "item-id", "vault-id").Return((*onepassword.Item)(nil), errors.New("error")) | ||||||
|  | 				return mockConnectClient | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, item *model.Item, err error) { | ||||||
|  | 				require.Error(t, err) | ||||||
|  | 				require.Nil(t, item) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for description, tc := range testCases { | ||||||
|  | 		t.Run(description, func(t *testing.T) { | ||||||
|  | 			client := &Connect{client: tc.mockClient()} | ||||||
|  | 			item, err := client.GetItemByID(context.Background(), "vault-id", "item-id") | ||||||
|  | 			tc.check(t, item, err) | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func TestConnect_GetItemsByTitle(t *testing.T) { | ||||||
|  | 	connectItem1 := clienttesting.CreateConnectItem() | ||||||
|  | 	connectItem2 := clienttesting.CreateConnectItem() | ||||||
|  |  | ||||||
|  | 	testCases := map[string]struct { | ||||||
|  | 		mockClient func() *mock.ConnectClientMock | ||||||
|  | 		check      func(t *testing.T, items []model.Item, err error) | ||||||
|  | 	}{ | ||||||
|  | 		"should return a single item": { | ||||||
|  | 			mockClient: func() *mock.ConnectClientMock { | ||||||
|  | 				mockConnectClient := &mock.ConnectClientMock{} | ||||||
|  | 				mockConnectClient.On("GetItemsByTitle", "item-title", "vault-id").Return( | ||||||
|  | 					[]onepassword.Item{ | ||||||
|  | 						*connectItem1, | ||||||
|  | 					}, nil) | ||||||
|  | 				return mockConnectClient | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, items []model.Item, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				require.Len(t, items, 1) | ||||||
|  | 				require.Equal(t, connectItem1.ID, items[0].ID) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return two items": { | ||||||
|  | 			mockClient: func() *mock.ConnectClientMock { | ||||||
|  | 				mockConnectClient := &mock.ConnectClientMock{} | ||||||
|  | 				mockConnectClient.On("GetItemsByTitle", "item-title", "vault-id").Return( | ||||||
|  | 					[]onepassword.Item{ | ||||||
|  | 						*connectItem1, | ||||||
|  | 						*connectItem2, | ||||||
|  | 					}, nil) | ||||||
|  | 				return mockConnectClient | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, items []model.Item, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				require.Len(t, items, 2) | ||||||
|  | 				clienttesting.CheckConnectItemMapping(t, connectItem1, &items[0]) | ||||||
|  | 				clienttesting.CheckConnectItemMapping(t, connectItem2, &items[1]) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return an error": { | ||||||
|  | 			mockClient: func() *mock.ConnectClientMock { | ||||||
|  | 				mockConnectClient := &mock.ConnectClientMock{} | ||||||
|  | 				mockConnectClient.On("GetItemsByTitle", "item-title", "vault-id").Return([]onepassword.Item{}, errors.New("error")) | ||||||
|  | 				return mockConnectClient | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, items []model.Item, err error) { | ||||||
|  | 				require.Error(t, err) | ||||||
|  | 				require.Nil(t, items) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for description, tc := range testCases { | ||||||
|  | 		t.Run(description, func(t *testing.T) { | ||||||
|  | 			client := &Connect{client: tc.mockClient()} | ||||||
|  | 			items, err := client.GetItemsByTitle(context.Background(), "vault-id", "item-title") | ||||||
|  | 			tc.check(t, items, err) | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func TestConnect_GetFileContent(t *testing.T) { | ||||||
|  | 	testCases := map[string]struct { | ||||||
|  | 		mockClient func() *mock.ConnectClientMock | ||||||
|  | 		check      func(t *testing.T, content []byte, err error) | ||||||
|  | 	}{ | ||||||
|  | 		"should return file content": { | ||||||
|  | 			mockClient: func() *mock.ConnectClientMock { | ||||||
|  | 				mockConnectClient := &mock.ConnectClientMock{} | ||||||
|  | 				mockConnectClient.On("GetFileContent", &onepassword.File{ | ||||||
|  | 					ContentPath: "/v1/vaults/vault-id/items/item-id/files/file-id/content", | ||||||
|  | 				}).Return([]byte("file content"), nil) | ||||||
|  | 				return mockConnectClient | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, content []byte, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				require.Equal(t, []byte("file content"), content) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return an error": { | ||||||
|  | 			mockClient: func() *mock.ConnectClientMock { | ||||||
|  | 				mockConnectClient := &mock.ConnectClientMock{} | ||||||
|  | 				mockConnectClient.On("GetFileContent", &onepassword.File{ | ||||||
|  | 					ContentPath: "/v1/vaults/vault-id/items/item-id/files/file-id/content", | ||||||
|  | 				}).Return(nil, errors.New("error")) | ||||||
|  | 				return mockConnectClient | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, content []byte, err error) { | ||||||
|  | 				require.Error(t, err) | ||||||
|  | 				require.Nil(t, content) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for description, tc := range testCases { | ||||||
|  | 		t.Run(description, func(t *testing.T) { | ||||||
|  | 			client := &Connect{client: tc.mockClient()} | ||||||
|  | 			content, err := client.GetFileContent(context.Background(), "vault-id", "item-id", "file-id") | ||||||
|  | 			tc.check(t, content, err) | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func TestConnect_GetVaultsByTitle(t *testing.T) { | ||||||
|  | 	now := time.Now() | ||||||
|  | 	testCases := map[string]struct { | ||||||
|  | 		mockClient func() *mock.ConnectClientMock | ||||||
|  | 		check      func(t *testing.T, vaults []model.Vault, err error) | ||||||
|  | 	}{ | ||||||
|  | 		"should return a single vault": { | ||||||
|  | 			mockClient: func() *mock.ConnectClientMock { | ||||||
|  | 				mockConnectClient := &mock.ConnectClientMock{} | ||||||
|  | 				mockConnectClient.On("GetVaultsByTitle", VaultTitleEmployee).Return([]onepassword.Vault{ | ||||||
|  | 					{ | ||||||
|  | 						ID:        "test-id", | ||||||
|  | 						Name:      VaultTitleEmployee, | ||||||
|  | 						CreatedAt: now, | ||||||
|  | 					}, | ||||||
|  | 					{ | ||||||
|  | 						ID:        "test-id-2", | ||||||
|  | 						Name:      "Some other vault", | ||||||
|  | 						CreatedAt: now, | ||||||
|  | 					}, | ||||||
|  | 				}, nil) | ||||||
|  | 				return mockConnectClient | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, vaults []model.Vault, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				require.Len(t, vaults, 1) | ||||||
|  | 				require.Equal(t, "test-id", vaults[0].ID) | ||||||
|  | 				require.Equal(t, now, vaults[0].CreatedAt) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return a two vaults": { | ||||||
|  | 			mockClient: func() *mock.ConnectClientMock { | ||||||
|  | 				mockConnectClient := &mock.ConnectClientMock{} | ||||||
|  | 				mockConnectClient.On("GetVaultsByTitle", VaultTitleEmployee).Return([]onepassword.Vault{ | ||||||
|  | 					{ | ||||||
|  | 						ID:        "test-id", | ||||||
|  | 						Name:      VaultTitleEmployee, | ||||||
|  | 						CreatedAt: now, | ||||||
|  | 					}, | ||||||
|  | 					{ | ||||||
|  | 						ID:        "test-id-2", | ||||||
|  | 						Name:      VaultTitleEmployee, | ||||||
|  | 						CreatedAt: now, | ||||||
|  | 					}, | ||||||
|  | 				}, nil) | ||||||
|  | 				return mockConnectClient | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, vaults []model.Vault, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				require.Len(t, vaults, 2) | ||||||
|  | 				// Check the first vault | ||||||
|  | 				require.Equal(t, "test-id", vaults[0].ID) | ||||||
|  | 				require.Equal(t, now, vaults[0].CreatedAt) | ||||||
|  | 				// Check the second vault | ||||||
|  | 				require.Equal(t, "test-id-2", vaults[1].ID) | ||||||
|  | 				require.Equal(t, now, vaults[1].CreatedAt) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return an error": { | ||||||
|  | 			mockClient: func() *mock.ConnectClientMock { | ||||||
|  | 				mockConnectClient := &mock.ConnectClientMock{} | ||||||
|  | 				mockConnectClient.On("GetVaultsByTitle", VaultTitleEmployee).Return([]onepassword.Vault{}, errors.New("error")) | ||||||
|  | 				return mockConnectClient | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, vaults []model.Vault, err error) { | ||||||
|  | 				require.Error(t, err) | ||||||
|  | 				require.Empty(t, vaults) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for description, tc := range testCases { | ||||||
|  | 		t.Run(description, func(t *testing.T) { | ||||||
|  | 			client := &Connect{client: tc.mockClient()} | ||||||
|  | 			vault, err := client.GetVaultsByTitle(context.Background(), VaultTitleEmployee) | ||||||
|  | 			tc.check(t, vault, err) | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  | } | ||||||
							
								
								
									
										97
									
								
								pkg/onepassword/client/sdk/sdk.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										97
									
								
								pkg/onepassword/client/sdk/sdk.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,97 @@ | |||||||
|  | package sdk | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"context" | ||||||
|  | 	"fmt" | ||||||
|  |  | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
|  | 	sdk "github.com/1password/onepassword-sdk-go" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | // Config holds the configuration for the 1Password SDK client. | ||||||
|  | type Config struct { | ||||||
|  | 	ServiceAccountToken string | ||||||
|  | 	IntegrationName     string | ||||||
|  | 	IntegrationVersion  string | ||||||
|  | } | ||||||
|  |  | ||||||
|  | // SDK is a client for interacting with 1Password using the SDK. | ||||||
|  | type SDK struct { | ||||||
|  | 	client *sdk.Client | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func NewClient(ctx context.Context, config Config) (*SDK, error) { | ||||||
|  | 	client, err := sdk.NewClient(ctx, | ||||||
|  | 		sdk.WithServiceAccountToken(config.ServiceAccountToken), | ||||||
|  | 		sdk.WithIntegrationInfo(config.IntegrationName, config.IntegrationVersion), | ||||||
|  | 	) | ||||||
|  | 	if err != nil { | ||||||
|  | 		return nil, fmt.Errorf("1Password sdk error: %w", err) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return &SDK{ | ||||||
|  | 		client: client, | ||||||
|  | 	}, nil | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (s *SDK) GetItemByID(ctx context.Context, vaultID, itemID string) (*model.Item, error) { | ||||||
|  | 	sdkItem, err := s.client.Items().Get(ctx, vaultID, itemID) | ||||||
|  | 	if err != nil { | ||||||
|  | 		return nil, fmt.Errorf("failed to GetItemsByTitle using 1Password SDK: %w", err) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	var item model.Item | ||||||
|  | 	item.FromSDKItem(&sdkItem) | ||||||
|  | 	return &item, nil | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (s *SDK) GetItemsByTitle(ctx context.Context, vaultID, itemTitle string) ([]model.Item, error) { | ||||||
|  | 	// Get all items in the vault | ||||||
|  | 	sdkItems, err := s.client.Items().List(ctx, vaultID) | ||||||
|  | 	if err != nil { | ||||||
|  | 		return nil, fmt.Errorf("failed to GetItemsByTitle using 1Password SDK: %w", err) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	// Filter items by title | ||||||
|  | 	var items []model.Item | ||||||
|  | 	for _, sdkItem := range sdkItems { | ||||||
|  | 		if sdkItem.Title == itemTitle { | ||||||
|  | 			var item model.Item | ||||||
|  | 			item.FromSDKItemOverview(&sdkItem) | ||||||
|  | 			items = append(items, item) | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return items, nil | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (s *SDK) GetFileContent(ctx context.Context, vaultID, itemID, fileID string) ([]byte, error) { | ||||||
|  | 	bytes, err := s.client.Items().Files().Read(ctx, vaultID, itemID, sdk.FileAttributes{ | ||||||
|  | 		ID: fileID, | ||||||
|  | 	}) | ||||||
|  | 	if err != nil { | ||||||
|  | 		return nil, fmt.Errorf("failed to GetFileContent using 1Password SDK: %w", err) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return bytes, nil | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (s *SDK) GetVaultsByTitle(ctx context.Context, title string) ([]model.Vault, error) { | ||||||
|  | 	// List all vaults | ||||||
|  | 	sdkVaults, err := s.client.Vaults().List(ctx) | ||||||
|  | 	if err != nil { | ||||||
|  | 		return nil, fmt.Errorf("failed to GetVaultsByTitle using 1Password SDK: %w", err) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	// Filter vaults by title | ||||||
|  | 	var vaults []model.Vault | ||||||
|  | 	for _, sdkVault := range sdkVaults { | ||||||
|  | 		if sdkVault.Title == title { | ||||||
|  | 			var vault model.Vault | ||||||
|  | 			vault.FromSDKVault(&sdkVault) | ||||||
|  | 			vaults = append(vaults, vault) | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return vaults, nil | ||||||
|  | } | ||||||
							
								
								
									
										288
									
								
								pkg/onepassword/client/sdk/sdk_test.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										288
									
								
								pkg/onepassword/client/sdk/sdk_test.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,288 @@ | |||||||
|  | package sdk | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"context" | ||||||
|  | 	"errors" | ||||||
|  | 	"testing" | ||||||
|  | 	"time" | ||||||
|  |  | ||||||
|  | 	"github.com/stretchr/testify/mock" | ||||||
|  | 	"github.com/stretchr/testify/require" | ||||||
|  |  | ||||||
|  | 	clienttesting "github.com/1Password/onepassword-operator/pkg/onepassword/client/testing" | ||||||
|  | 	clientmock "github.com/1Password/onepassword-operator/pkg/onepassword/client/testing/mock" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
|  | 	sdk "github.com/1password/onepassword-sdk-go" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | const VaultTitleEmployee = "Employee" | ||||||
|  |  | ||||||
|  | func TestSDK_GetItemByID(t *testing.T) { | ||||||
|  | 	sdkItem := clienttesting.CreateSDKItem() | ||||||
|  |  | ||||||
|  | 	testCases := map[string]struct { | ||||||
|  | 		mockItemAPI func() *clientmock.ItemAPIMock | ||||||
|  | 		check       func(t *testing.T, item *model.Item, err error) | ||||||
|  | 	}{ | ||||||
|  | 		"should return a single item": { | ||||||
|  | 			mockItemAPI: func() *clientmock.ItemAPIMock { | ||||||
|  | 				m := &clientmock.ItemAPIMock{} | ||||||
|  | 				m.On("Get", context.Background(), "vault-id", "item-id").Return(*sdkItem, nil) | ||||||
|  | 				return m | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, item *model.Item, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				clienttesting.CheckSDKItemMapping(t, sdkItem, item) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return an error": { | ||||||
|  | 			mockItemAPI: func() *clientmock.ItemAPIMock { | ||||||
|  | 				m := &clientmock.ItemAPIMock{} | ||||||
|  | 				m.On("Get", context.Background(), "vault-id", "item-id").Return(sdk.Item{}, errors.New("error")) | ||||||
|  | 				return m | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, item *model.Item, err error) { | ||||||
|  | 				require.Error(t, err) | ||||||
|  | 				require.Empty(t, item) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for description, tc := range testCases { | ||||||
|  | 		t.Run(description, func(t *testing.T) { | ||||||
|  | 			client := &SDK{ | ||||||
|  | 				client: &sdk.Client{ | ||||||
|  | 					ItemsAPI: tc.mockItemAPI(), | ||||||
|  | 				}, | ||||||
|  | 			} | ||||||
|  | 			item, err := client.GetItemByID(context.Background(), "vault-id", "item-id") | ||||||
|  | 			tc.check(t, item, err) | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func TestSDK_GetItemsByTitle(t *testing.T) { | ||||||
|  | 	sdkItem1 := clienttesting.CreateSDKItemOverview() | ||||||
|  | 	sdkItem2 := clienttesting.CreateSDKItemOverview() | ||||||
|  |  | ||||||
|  | 	testCases := map[string]struct { | ||||||
|  | 		mockItemAPI func() *clientmock.ItemAPIMock | ||||||
|  | 		check       func(t *testing.T, items []model.Item, err error) | ||||||
|  | 	}{ | ||||||
|  | 		"should return a single item": { | ||||||
|  | 			mockItemAPI: func() *clientmock.ItemAPIMock { | ||||||
|  | 				m := &clientmock.ItemAPIMock{} | ||||||
|  |  | ||||||
|  | 				copySDKItem2 := *sdkItem2 | ||||||
|  | 				copySDKItem2.Title = "Some other item" | ||||||
|  |  | ||||||
|  | 				m.On("List", context.Background(), "vault-id", mock.Anything).Return([]sdk.ItemOverview{ | ||||||
|  | 					*sdkItem1, | ||||||
|  | 					copySDKItem2, | ||||||
|  | 				}, nil) | ||||||
|  | 				return m | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, items []model.Item, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				require.Len(t, items, 1) | ||||||
|  | 				clienttesting.CheckSDKItemOverviewMapping(t, sdkItem1, &items[0]) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return a two items": { | ||||||
|  | 			mockItemAPI: func() *clientmock.ItemAPIMock { | ||||||
|  | 				m := &clientmock.ItemAPIMock{} | ||||||
|  | 				m.On("List", context.Background(), "vault-id", mock.Anything).Return([]sdk.ItemOverview{ | ||||||
|  | 					*sdkItem1, | ||||||
|  | 					*sdkItem2, | ||||||
|  | 				}, nil) | ||||||
|  | 				return m | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, items []model.Item, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				require.Len(t, items, 2) | ||||||
|  | 				clienttesting.CheckSDKItemOverviewMapping(t, sdkItem1, &items[0]) | ||||||
|  | 				clienttesting.CheckSDKItemOverviewMapping(t, sdkItem2, &items[1]) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return empty list": { | ||||||
|  | 			mockItemAPI: func() *clientmock.ItemAPIMock { | ||||||
|  | 				m := &clientmock.ItemAPIMock{} | ||||||
|  | 				m.On("List", context.Background(), "vault-id", mock.Anything).Return([]sdk.ItemOverview{}, nil) | ||||||
|  | 				return m | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, items []model.Item, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				require.Len(t, items, 0) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return an error": { | ||||||
|  | 			mockItemAPI: func() *clientmock.ItemAPIMock { | ||||||
|  | 				m := &clientmock.ItemAPIMock{} | ||||||
|  | 				m.On("List", context.Background(), "vault-id", mock.Anything).Return([]sdk.ItemOverview{}, errors.New("error")) | ||||||
|  | 				return m | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, items []model.Item, err error) { | ||||||
|  | 				require.Error(t, err) | ||||||
|  | 				require.Empty(t, items) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for description, tc := range testCases { | ||||||
|  | 		t.Run(description, func(t *testing.T) { | ||||||
|  | 			client := &SDK{ | ||||||
|  | 				client: &sdk.Client{ | ||||||
|  | 					ItemsAPI: tc.mockItemAPI(), | ||||||
|  | 				}, | ||||||
|  | 			} | ||||||
|  | 			items, err := client.GetItemsByTitle(context.Background(), "vault-id", "item-title") | ||||||
|  | 			tc.check(t, items, err) | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func TestSDK_GetFileContent(t *testing.T) { | ||||||
|  | 	testCases := map[string]struct { | ||||||
|  | 		mockItemAPI func() *clientmock.ItemAPIMock | ||||||
|  | 		check       func(t *testing.T, content []byte, err error) | ||||||
|  | 	}{ | ||||||
|  | 		"should return file content": { | ||||||
|  | 			mockItemAPI: func() *clientmock.ItemAPIMock { | ||||||
|  | 				fileMock := &clientmock.FileAPIMock{} | ||||||
|  | 				fileMock.On("Read", mock.Anything, "vault-id", "item-id", | ||||||
|  | 					mock.MatchedBy(func(attr sdk.FileAttributes) bool { | ||||||
|  | 						return attr.ID == "file-id" | ||||||
|  | 					}), | ||||||
|  | 				).Return([]byte("file content"), nil) | ||||||
|  |  | ||||||
|  | 				itemMock := &clientmock.ItemAPIMock{ | ||||||
|  | 					FilesAPI: fileMock, | ||||||
|  | 				} | ||||||
|  | 				itemMock.On("Files").Return(fileMock) | ||||||
|  |  | ||||||
|  | 				return itemMock | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, content []byte, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				require.Equal(t, []byte("file content"), content) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return an error": { | ||||||
|  | 			mockItemAPI: func() *clientmock.ItemAPIMock { | ||||||
|  | 				fileMock := &clientmock.FileAPIMock{} | ||||||
|  | 				fileMock.On("Read", mock.Anything, "vault-id", "item-id", | ||||||
|  | 					mock.MatchedBy(func(attr sdk.FileAttributes) bool { | ||||||
|  | 						return attr.ID == "file-id" | ||||||
|  | 					}), | ||||||
|  | 				).Return(nil, errors.New("error")) | ||||||
|  |  | ||||||
|  | 				itemMock := &clientmock.ItemAPIMock{ | ||||||
|  | 					FilesAPI: fileMock, | ||||||
|  | 				} | ||||||
|  | 				itemMock.On("Files").Return(fileMock) | ||||||
|  |  | ||||||
|  | 				return itemMock | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, content []byte, err error) { | ||||||
|  | 				require.Error(t, err) | ||||||
|  | 				require.Nil(t, content) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for description, tc := range testCases { | ||||||
|  | 		t.Run(description, func(t *testing.T) { | ||||||
|  | 			client := &SDK{ | ||||||
|  | 				client: &sdk.Client{ | ||||||
|  | 					ItemsAPI: tc.mockItemAPI(), | ||||||
|  | 				}, | ||||||
|  | 			} | ||||||
|  | 			content, err := client.GetFileContent(context.Background(), "vault-id", "item-id", "file-id") | ||||||
|  | 			tc.check(t, content, err) | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func TestSDK_GetVaultsByTitle(t *testing.T) { | ||||||
|  | 	now := time.Now() | ||||||
|  | 	testCases := map[string]struct { | ||||||
|  | 		mockVaultAPI func() *clientmock.VaultAPIMock | ||||||
|  | 		check        func(t *testing.T, vaults []model.Vault, err error) | ||||||
|  | 	}{ | ||||||
|  | 		"should return a single vault": { | ||||||
|  | 			mockVaultAPI: func() *clientmock.VaultAPIMock { | ||||||
|  | 				m := &clientmock.VaultAPIMock{} | ||||||
|  | 				m.On("List", context.Background()).Return([]sdk.VaultOverview{ | ||||||
|  | 					{ | ||||||
|  | 						ID:        "test-id", | ||||||
|  | 						Title:     VaultTitleEmployee, | ||||||
|  | 						CreatedAt: now, | ||||||
|  | 					}, | ||||||
|  | 					{ | ||||||
|  | 						ID:        "test-id-2", | ||||||
|  | 						Title:     "Some other vault", | ||||||
|  | 						CreatedAt: now, | ||||||
|  | 					}, | ||||||
|  | 				}, nil) | ||||||
|  | 				return m | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, vaults []model.Vault, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				require.Len(t, vaults, 1) | ||||||
|  | 				require.Equal(t, "test-id", vaults[0].ID) | ||||||
|  | 				require.Equal(t, now, vaults[0].CreatedAt) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return a two vaults": { | ||||||
|  | 			mockVaultAPI: func() *clientmock.VaultAPIMock { | ||||||
|  | 				m := &clientmock.VaultAPIMock{} | ||||||
|  | 				m.On("List", context.Background()).Return([]sdk.VaultOverview{ | ||||||
|  | 					{ | ||||||
|  | 						ID:        "test-id", | ||||||
|  | 						Title:     VaultTitleEmployee, | ||||||
|  | 						CreatedAt: now, | ||||||
|  | 					}, | ||||||
|  | 					{ | ||||||
|  | 						ID:        "test-id-2", | ||||||
|  | 						Title:     VaultTitleEmployee, | ||||||
|  | 						CreatedAt: now, | ||||||
|  | 					}, | ||||||
|  | 				}, nil) | ||||||
|  | 				return m | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, vaults []model.Vault, err error) { | ||||||
|  | 				require.NoError(t, err) | ||||||
|  | 				require.Len(t, vaults, 2) | ||||||
|  | 				// Check the first vault | ||||||
|  | 				require.Equal(t, "test-id", vaults[0].ID) | ||||||
|  | 				require.Equal(t, now, vaults[0].CreatedAt) | ||||||
|  | 				// Check the second vault | ||||||
|  | 				require.Equal(t, "test-id-2", vaults[1].ID) | ||||||
|  | 				require.Equal(t, now, vaults[1].CreatedAt) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 		"should return an error": { | ||||||
|  | 			mockVaultAPI: func() *clientmock.VaultAPIMock { | ||||||
|  | 				m := &clientmock.VaultAPIMock{} | ||||||
|  | 				m.On("List", context.Background()).Return([]sdk.VaultOverview{}, errors.New("error")) | ||||||
|  | 				return m | ||||||
|  | 			}, | ||||||
|  | 			check: func(t *testing.T, vaults []model.Vault, err error) { | ||||||
|  | 				require.Error(t, err) | ||||||
|  | 				require.Empty(t, vaults) | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for description, tc := range testCases { | ||||||
|  | 		t.Run(description, func(t *testing.T) { | ||||||
|  | 			client := &SDK{ | ||||||
|  | 				client: &sdk.Client{ | ||||||
|  | 					VaultsAPI: tc.mockVaultAPI(), | ||||||
|  | 				}, | ||||||
|  | 			} | ||||||
|  | 			vault, err := client.GetVaultsByTitle(context.Background(), VaultTitleEmployee) | ||||||
|  | 			tc.check(t, vault, err) | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  | } | ||||||
							
								
								
									
										110
									
								
								pkg/onepassword/client/testing/item.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										110
									
								
								pkg/onepassword/client/testing/item.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,110 @@ | |||||||
|  | package testing | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	sdk "github.com/1password/onepassword-sdk-go" | ||||||
|  | 	"testing" | ||||||
|  | 	"time" | ||||||
|  |  | ||||||
|  | 	"github.com/stretchr/testify/require" | ||||||
|  |  | ||||||
|  | 	"github.com/1Password/connect-sdk-go/onepassword" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | func CreateConnectItem() *onepassword.Item { | ||||||
|  | 	return &onepassword.Item{ | ||||||
|  | 		ID:      "test-id", | ||||||
|  | 		Vault:   onepassword.ItemVault{ID: "test-vault-id"}, | ||||||
|  | 		Version: 1, | ||||||
|  | 		Tags:    []string{"tag1", "tag2"}, | ||||||
|  | 		Fields: []*onepassword.ItemField{ | ||||||
|  | 			{Label: "label1", Value: "value1"}, | ||||||
|  | 			{Label: "label2", Value: "value2"}, | ||||||
|  | 		}, | ||||||
|  | 		Files: []*onepassword.File{ | ||||||
|  | 			{ID: "file-id-1", Name: "file1.txt", Size: 1234}, | ||||||
|  | 			{ID: "file-id-2", Name: "file2.txt", Size: 1234}, | ||||||
|  | 		}, | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func CreateSDKItem() *sdk.Item { | ||||||
|  | 	return &sdk.Item{ | ||||||
|  | 		ID:      "test-id", | ||||||
|  | 		VaultID: "test-vault-id", | ||||||
|  | 		Version: 1, | ||||||
|  | 		Tags:    []string{"tag1", "tag2"}, | ||||||
|  | 		Fields: []sdk.ItemField{ | ||||||
|  | 			{Title: "label1", Value: "value1"}, | ||||||
|  | 			{Title: "label2", Value: "value2"}, | ||||||
|  | 		}, | ||||||
|  | 		Files: []sdk.ItemFile{ | ||||||
|  | 			{Attributes: sdk.FileAttributes{ID: "file-id-1", Name: "file1.txt", Size: 1234}}, | ||||||
|  | 			{Attributes: sdk.FileAttributes{ID: "file-id-2", Name: "file2.txt", Size: 1234}}, | ||||||
|  | 		}, | ||||||
|  | 		CreatedAt: time.Now(), | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func CreateSDKItemOverview() *sdk.ItemOverview { | ||||||
|  | 	return &sdk.ItemOverview{ | ||||||
|  | 		ID:        "test-id", | ||||||
|  | 		Title:     "item-title", | ||||||
|  | 		VaultID:   "test-vault-id", | ||||||
|  | 		Tags:      []string{"tag1", "tag2"}, | ||||||
|  | 		CreatedAt: time.Now(), | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func CheckConnectItemMapping(t *testing.T, expected *onepassword.Item, actual *model.Item) { | ||||||
|  | 	t.Helper() | ||||||
|  |  | ||||||
|  | 	require.Equal(t, expected.ID, actual.ID) | ||||||
|  | 	require.Equal(t, expected.Vault.ID, actual.VaultID) | ||||||
|  | 	require.Equal(t, expected.Version, actual.Version) | ||||||
|  | 	require.ElementsMatch(t, expected.Tags, actual.Tags) | ||||||
|  |  | ||||||
|  | 	for i, field := range expected.Fields { | ||||||
|  | 		require.Equal(t, field.Label, actual.Fields[i].Label) | ||||||
|  | 		require.Equal(t, field.Value, actual.Fields[i].Value) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for i, file := range expected.Files { | ||||||
|  | 		require.Equal(t, file.ID, actual.Files[i].ID) | ||||||
|  | 		require.Equal(t, file.Name, actual.Files[i].Name) | ||||||
|  | 		require.Equal(t, file.Size, actual.Files[i].Size) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	require.Equal(t, expected.CreatedAt, actual.CreatedAt) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func CheckSDKItemMapping(t *testing.T, expected *sdk.Item, actual *model.Item) { | ||||||
|  | 	t.Helper() | ||||||
|  |  | ||||||
|  | 	require.Equal(t, expected.ID, actual.ID) | ||||||
|  | 	require.Equal(t, expected.VaultID, actual.VaultID) | ||||||
|  | 	require.Equal(t, int(expected.Version), actual.Version) | ||||||
|  | 	require.ElementsMatch(t, expected.Tags, actual.Tags) | ||||||
|  |  | ||||||
|  | 	for i, field := range expected.Fields { | ||||||
|  | 		require.Equal(t, field.Title, actual.Fields[i].Label) | ||||||
|  | 		require.Equal(t, field.Value, actual.Fields[i].Value) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for i, file := range expected.Files { | ||||||
|  | 		require.Equal(t, file.Attributes.ID, actual.Files[i].ID) | ||||||
|  | 		require.Equal(t, file.Attributes.Name, actual.Files[i].Name) | ||||||
|  | 		require.Equal(t, int(file.Attributes.Size), actual.Files[i].Size) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	require.Equal(t, expected.CreatedAt, actual.CreatedAt) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func CheckSDKItemOverviewMapping(t *testing.T, expected *sdk.ItemOverview, actual *model.Item) { | ||||||
|  | 	t.Helper() | ||||||
|  |  | ||||||
|  | 	require.Equal(t, expected.ID, actual.ID) | ||||||
|  | 	require.Equal(t, expected.VaultID, actual.VaultID) | ||||||
|  | 	require.ElementsMatch(t, expected.Tags, actual.Tags) | ||||||
|  | 	require.Equal(t, expected.CreatedAt, actual.CreatedAt) | ||||||
|  | } | ||||||
							
								
								
									
										130
									
								
								pkg/onepassword/client/testing/mock/connect.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										130
									
								
								pkg/onepassword/client/testing/mock/connect.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,130 @@ | |||||||
|  | package mock | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"github.com/stretchr/testify/mock" | ||||||
|  |  | ||||||
|  | 	"github.com/1Password/connect-sdk-go/onepassword" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | // ConnectClientMock is a mock implementation of the ConnectClient interface | ||||||
|  | type ConnectClientMock struct { | ||||||
|  | 	mock.Mock | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetVaults() ([]onepassword.Vault, error) { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetVault(uuid string) (*onepassword.Vault, error) { | ||||||
|  | 	args := c.Called(uuid) | ||||||
|  | 	return args.Get(0).(*onepassword.Vault), args.Error(1) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetVaultByUUID(uuid string) (*onepassword.Vault, error) { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetVaultByTitle(title string) (*onepassword.Vault, error) { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetVaultsByTitle(title string) ([]onepassword.Vault, error) { | ||||||
|  | 	args := c.Called(title) | ||||||
|  | 	return args.Get(0).([]onepassword.Vault), args.Error(1) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetItems(vaultQuery string) ([]onepassword.Item, error) { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetItem(itemQuery, vaultQuery string) (*onepassword.Item, error) { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetItemByUUID(uuid string, vaultQuery string) (*onepassword.Item, error) { | ||||||
|  | 	args := c.Called(uuid, vaultQuery) | ||||||
|  | 	return args.Get(0).(*onepassword.Item), args.Error(1) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetItemByTitle(title string, vaultQuery string) (*onepassword.Item, error) { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetItemsByTitle(title string, vaultQuery string) ([]onepassword.Item, error) { | ||||||
|  | 	args := c.Called(title, vaultQuery) | ||||||
|  | 	return args.Get(0).([]onepassword.Item), args.Error(1) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) CreateItem(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) UpdateItem(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) DeleteItem(item *onepassword.Item, vaultQuery string) error { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) DeleteItemByID(itemUUID string, vaultQuery string) error { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) DeleteItemByTitle(title string, vaultQuery string) error { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetFiles(itemQuery string, vaultQuery string) ([]onepassword.File, error) { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetFile(uuid string, itemQuery string, vaultQuery string) (*onepassword.File, error) { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) GetFileContent(file *onepassword.File) ([]byte, error) { | ||||||
|  | 	args := c.Called(file) | ||||||
|  | 	if args.Get(0) == nil { | ||||||
|  | 		return nil, args.Error(1) | ||||||
|  | 	} | ||||||
|  | 	return args.Get(0).([]byte), args.Error(1) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) DownloadFile(file *onepassword.File, targetDirectory string, overwrite bool) (string, error) { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) LoadStructFromItemByUUID(config interface{}, itemUUID string, vaultQuery string) error { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) LoadStructFromItemByTitle(config interface{}, itemTitle string, vaultQuery string) error { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) LoadStructFromItem(config interface{}, itemQuery string, vaultQuery string) error { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (c *ConnectClientMock) LoadStruct(config interface{}) error { | ||||||
|  | 	// Only implement this if mocking is needed | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
							
								
								
									
										89
									
								
								pkg/onepassword/client/testing/mock/sdk.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										89
									
								
								pkg/onepassword/client/testing/mock/sdk.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,89 @@ | |||||||
|  | package mock | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"context" | ||||||
|  |  | ||||||
|  | 	"github.com/stretchr/testify/mock" | ||||||
|  |  | ||||||
|  | 	sdk "github.com/1password/onepassword-sdk-go" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | type VaultAPIMock struct { | ||||||
|  | 	mock.Mock | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (v *VaultAPIMock) List(ctx context.Context) ([]sdk.VaultOverview, error) { | ||||||
|  | 	args := v.Called(ctx) | ||||||
|  | 	return args.Get(0).([]sdk.VaultOverview), args.Error(1) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | type ItemAPIMock struct { | ||||||
|  | 	mock.Mock | ||||||
|  | 	FilesAPI sdk.ItemsFilesAPI | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (i *ItemAPIMock) Create(ctx context.Context, params sdk.ItemCreateParams) (sdk.Item, error) { | ||||||
|  | 	//TODO implement me | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (i *ItemAPIMock) Get(ctx context.Context, vaultID string, itemID string) (sdk.Item, error) { | ||||||
|  | 	args := i.Called(ctx, vaultID, itemID) | ||||||
|  | 	return args.Get(0).(sdk.Item), args.Error(1) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (i *ItemAPIMock) Put(ctx context.Context, item sdk.Item) (sdk.Item, error) { | ||||||
|  | 	//TODO implement me | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (i *ItemAPIMock) Delete(ctx context.Context, vaultID string, itemID string) error { | ||||||
|  | 	//TODO implement me | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (i *ItemAPIMock) Archive(ctx context.Context, vaultID string, itemID string) error { | ||||||
|  | 	//TODO implement me | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (i *ItemAPIMock) List(ctx context.Context, vaultID string, filters ...sdk.ItemListFilter) ([]sdk.ItemOverview, error) { | ||||||
|  | 	args := i.Called(ctx, vaultID, filters) | ||||||
|  | 	return args.Get(0).([]sdk.ItemOverview), args.Error(1) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (i *ItemAPIMock) Shares() sdk.ItemsSharesAPI { | ||||||
|  | 	//TODO implement me | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (i *ItemAPIMock) Files() sdk.ItemsFilesAPI { | ||||||
|  | 	return i.FilesAPI | ||||||
|  | } | ||||||
|  |  | ||||||
|  | type FileAPIMock struct { | ||||||
|  | 	mock.Mock | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (f *FileAPIMock) Attach(ctx context.Context, item sdk.Item, fileParams sdk.FileCreateParams) (sdk.Item, error) { | ||||||
|  | 	//TODO implement me | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (f *FileAPIMock) Delete(ctx context.Context, item sdk.Item, sectionID string, fieldID string) (sdk.Item, error) { | ||||||
|  | 	//TODO implement me | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (f *FileAPIMock) ReplaceDocument(ctx context.Context, item sdk.Item, docParams sdk.DocumentCreateParams) (sdk.Item, error) { | ||||||
|  | 	//TODO implement me | ||||||
|  | 	panic("implement me") | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (f *FileAPIMock) Read(ctx context.Context, vaultID, itemID string, attributes sdk.FileAttributes) ([]byte, error) { | ||||||
|  | 	args := f.Called(ctx, vaultID, itemID, attributes) | ||||||
|  | 	if args.Get(0) == nil { | ||||||
|  | 		return nil, args.Error(1) | ||||||
|  | 	} | ||||||
|  | 	return args.Get(0).([]byte), args.Error(1) | ||||||
|  | } | ||||||
| @@ -15,16 +15,16 @@ import ( | |||||||
| ) | ) | ||||||
|  |  | ||||||
| var logConnectSetup = logf.Log.WithName("ConnectSetup") | var logConnectSetup = logf.Log.WithName("ConnectSetup") | ||||||
| var deploymentPath = "config/connect/deployment.yaml" | var deploymentPath = "../config/connect/deployment.yaml" | ||||||
| var servicePath = "config/connect/service.yaml" | var servicePath = "../config/connect/service.yaml" | ||||||
|  |  | ||||||
| func SetupConnect(kubeClient client.Client, deploymentNamespace string) error { | func SetupConnect(ctx context.Context, kubeClient client.Client, deploymentNamespace string) error { | ||||||
| 	err := setupService(kubeClient, servicePath, deploymentNamespace) | 	err := setupService(ctx, kubeClient, servicePath, deploymentNamespace) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	err = setupDeployment(kubeClient, deploymentPath, deploymentNamespace) | 	err = setupDeployment(ctx, kubeClient, deploymentPath, deploymentNamespace) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
| @@ -32,27 +32,27 @@ func SetupConnect(kubeClient client.Client, deploymentNamespace string) error { | |||||||
| 	return nil | 	return nil | ||||||
| } | } | ||||||
|  |  | ||||||
| func setupDeployment(kubeClient client.Client, deploymentPath string, deploymentNamespace string) error { | func setupDeployment(ctx context.Context, kubeClient client.Client, deploymentPath string, deploymentNamespace string) error { | ||||||
| 	existingDeployment := &appsv1.Deployment{} | 	existingDeployment := &appsv1.Deployment{} | ||||||
|  |  | ||||||
| 	// check if deployment has already been created | 	// check if deployment has already been created | ||||||
| 	err := kubeClient.Get(context.Background(), types.NamespacedName{Name: "onepassword-connect", Namespace: deploymentNamespace}, existingDeployment) | 	err := kubeClient.Get(ctx, types.NamespacedName{Name: "onepassword-connect", Namespace: deploymentNamespace}, existingDeployment) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		if errors.IsNotFound(err) { | 		if errors.IsNotFound(err) { | ||||||
| 			logConnectSetup.Info("No existing Connect deployment found. Creating Deployment") | 			logConnectSetup.Info("No existing Connect deployment found. Creating Deployment") | ||||||
| 			return createDeployment(kubeClient, deploymentPath, deploymentNamespace) | 			return createDeployment(ctx, kubeClient, deploymentPath, deploymentNamespace) | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 	return err | 	return err | ||||||
| } | } | ||||||
|  |  | ||||||
| func createDeployment(kubeClient client.Client, deploymentPath string, deploymentNamespace string) error { | func createDeployment(ctx context.Context, kubeClient client.Client, deploymentPath string, deploymentNamespace string) error { | ||||||
| 	deployment, err := getDeploymentToCreate(deploymentPath, deploymentNamespace) | 	deployment, err := getDeploymentToCreate(deploymentPath, deploymentNamespace) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	err = kubeClient.Create(context.Background(), deployment) | 	err = kubeClient.Create(ctx, deployment) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
| @@ -78,21 +78,21 @@ func getDeploymentToCreate(deploymentPath string, deploymentNamespace string) (* | |||||||
| 	return deployment, nil | 	return deployment, nil | ||||||
| } | } | ||||||
|  |  | ||||||
| func setupService(kubeClient client.Client, servicePath string, deploymentNamespace string) error { | func setupService(ctx context.Context, kubeClient client.Client, servicePath string, deploymentNamespace string) error { | ||||||
| 	existingService := &corev1.Service{} | 	existingService := &corev1.Service{} | ||||||
|  |  | ||||||
| 	//check if service has already been created | 	//check if service has already been created | ||||||
| 	err := kubeClient.Get(context.Background(), types.NamespacedName{Name: "onepassword-connect", Namespace: deploymentNamespace}, existingService) | 	err := kubeClient.Get(ctx, types.NamespacedName{Name: "onepassword-connect", Namespace: deploymentNamespace}, existingService) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		if errors.IsNotFound(err) { | 		if errors.IsNotFound(err) { | ||||||
| 			logConnectSetup.Info("No existing Connect service found. Creating Service") | 			logConnectSetup.Info("No existing Connect service found. Creating Service") | ||||||
| 			return createService(kubeClient, servicePath, deploymentNamespace) | 			return createService(ctx, kubeClient, servicePath, deploymentNamespace) | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 	return err | 	return err | ||||||
| } | } | ||||||
|  |  | ||||||
| func createService(kubeClient client.Client, servicePath string, deploymentNamespace string) error { | func createService(ctx context.Context, kubeClient client.Client, servicePath string, deploymentNamespace string) error { | ||||||
| 	f, err := os.Open(servicePath) | 	f, err := os.Open(servicePath) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| @@ -108,7 +108,7 @@ func createService(kubeClient client.Client, servicePath string, deploymentNames | |||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	err = kubeClient.Create(context.Background(), service) | 	err = kubeClient.Create(ctx, service) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
|   | |||||||
| @@ -15,6 +15,7 @@ import ( | |||||||
| var defaultNamespacedName = types.NamespacedName{Name: "onepassword-connect", Namespace: "default"} | var defaultNamespacedName = types.NamespacedName{Name: "onepassword-connect", Namespace: "default"} | ||||||
|  |  | ||||||
| func TestServiceSetup(t *testing.T) { | func TestServiceSetup(t *testing.T) { | ||||||
|  | 	ctx := context.Background() | ||||||
|  |  | ||||||
| 	// Register operator types with the runtime scheme. | 	// Register operator types with the runtime scheme. | ||||||
| 	s := scheme.Scheme | 	s := scheme.Scheme | ||||||
| @@ -25,7 +26,7 @@ func TestServiceSetup(t *testing.T) { | |||||||
| 	// Create a fake client to mock API calls. | 	// Create a fake client to mock API calls. | ||||||
| 	client := fake.NewClientBuilder().WithScheme(s).WithRuntimeObjects(objs...).Build() | 	client := fake.NewClientBuilder().WithScheme(s).WithRuntimeObjects(objs...).Build() | ||||||
|  |  | ||||||
| 	err := setupService(client, "../../config/connect/service.yaml", defaultNamespacedName.Namespace) | 	err := setupService(ctx, client, "../../config/connect/service.yaml", defaultNamespacedName.Namespace) | ||||||
|  |  | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Error Setting Up Connect: %v", err) | 		t.Errorf("Error Setting Up Connect: %v", err) | ||||||
| @@ -33,13 +34,14 @@ func TestServiceSetup(t *testing.T) { | |||||||
|  |  | ||||||
| 	// check that service was created | 	// check that service was created | ||||||
| 	service := &corev1.Service{} | 	service := &corev1.Service{} | ||||||
| 	err = client.Get(context.TODO(), defaultNamespacedName, service) | 	err = client.Get(ctx, defaultNamespacedName, service) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Error Setting Up Connect service: %v", err) | 		t.Errorf("Error Setting Up Connect service: %v", err) | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
|  |  | ||||||
| func TestDeploymentSetup(t *testing.T) { | func TestDeploymentSetup(t *testing.T) { | ||||||
|  | 	ctx := context.Background() | ||||||
|  |  | ||||||
| 	// Register operator types with the runtime scheme. | 	// Register operator types with the runtime scheme. | ||||||
| 	s := scheme.Scheme | 	s := scheme.Scheme | ||||||
| @@ -50,7 +52,7 @@ func TestDeploymentSetup(t *testing.T) { | |||||||
| 	// Create a fake client to mock API calls. | 	// Create a fake client to mock API calls. | ||||||
| 	client := fake.NewClientBuilder().WithScheme(s).WithRuntimeObjects(objs...).Build() | 	client := fake.NewClientBuilder().WithScheme(s).WithRuntimeObjects(objs...).Build() | ||||||
|  |  | ||||||
| 	err := setupDeployment(client, "../../config/connect/deployment.yaml", defaultNamespacedName.Namespace) | 	err := setupDeployment(ctx, client, "../../config/connect/deployment.yaml", defaultNamespacedName.Namespace) | ||||||
|  |  | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Error Setting Up Connect: %v", err) | 		t.Errorf("Error Setting Up Connect: %v", err) | ||||||
| @@ -58,7 +60,7 @@ func TestDeploymentSetup(t *testing.T) { | |||||||
|  |  | ||||||
| 	// check that deployment was created | 	// check that deployment was created | ||||||
| 	deployment := &appsv1.Deployment{} | 	deployment := &appsv1.Deployment{} | ||||||
| 	err = client.Get(context.TODO(), defaultNamespacedName, deployment) | 	err = client.Get(ctx, defaultNamespacedName, deployment) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.Errorf("Error Setting Up Connect deployment: %v", err) | 		t.Errorf("Error Setting Up Connect deployment: %v", err) | ||||||
| 	} | 	} | ||||||
|   | |||||||
| @@ -9,18 +9,30 @@ import ( | |||||||
|  |  | ||||||
| func TestIsDeploymentUsingSecretsUsingVolumes(t *testing.T) { | func TestIsDeploymentUsingSecretsUsingVolumes(t *testing.T) { | ||||||
| 	secretNamesToSearch := map[string]*corev1.Secret{ | 	secretNamesToSearch := map[string]*corev1.Secret{ | ||||||
| 		"onepassword-database-secret": {}, | 		"onepassword-database-secret":  {}, | ||||||
| 		"onepassword-api-key":         {}, | 		"onepassword-api-key":          {}, | ||||||
|  | 		"onepassword-app-token":        {}, | ||||||
|  | 		"onepassword-user-credentials": {}, | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	volumeSecretNames := []string{ | 	volumeSecretNames := []string{ | ||||||
| 		"onepassword-database-secret", | 		"onepassword-database-secret", | ||||||
| 		"onepassword-api-key", | 		"onepassword-api-key", | ||||||
| 		"some_other_key", |  | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
|  | 	volumes := generateVolumes(volumeSecretNames) | ||||||
|  |  | ||||||
|  | 	volumeProjectedSecretNames := []string{ | ||||||
|  | 		"onepassword-app-token", | ||||||
|  | 		"onepassword-user-credentials", | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	volumeProjected := generateVolumesProjected(volumeProjectedSecretNames) | ||||||
|  |  | ||||||
|  | 	volumes = append(volumes, volumeProjected) | ||||||
|  |  | ||||||
| 	deployment := &appsv1.Deployment{} | 	deployment := &appsv1.Deployment{} | ||||||
| 	deployment.Spec.Template.Spec.Volumes = generateVolumes(volumeSecretNames) | 	deployment.Spec.Template.Spec.Volumes = volumes | ||||||
| 	if !IsDeploymentUsingSecrets(deployment, secretNamesToSearch) { | 	if !IsDeploymentUsingSecrets(deployment, secretNamesToSearch) { | ||||||
| 		t.Errorf("Expected that deployment was using secrets but they were not detected.") | 		t.Errorf("Expected that deployment was using secrets but they were not detected.") | ||||||
| 	} | 	} | ||||||
|   | |||||||
| @@ -1,42 +1,44 @@ | |||||||
| package onepassword | package onepassword | ||||||
|  |  | ||||||
| import ( | import ( | ||||||
|  | 	"context" | ||||||
| 	"fmt" | 	"fmt" | ||||||
| 	"strings" | 	"strings" | ||||||
|  |  | ||||||
| 	"github.com/1Password/connect-sdk-go/connect" |  | ||||||
| 	"github.com/1Password/connect-sdk-go/onepassword" |  | ||||||
|  |  | ||||||
| 	logf "sigs.k8s.io/controller-runtime/pkg/log" | 	logf "sigs.k8s.io/controller-runtime/pkg/log" | ||||||
|  |  | ||||||
|  | 	opclient "github.com/1Password/onepassword-operator/pkg/onepassword/client" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
| ) | ) | ||||||
|  |  | ||||||
| var logger = logf.Log.WithName("retrieve_item") | var logger = logf.Log.WithName("retrieve_item") | ||||||
|  |  | ||||||
| func GetOnePasswordItemByPath(opConnectClient connect.Client, path string) (*onepassword.Item, error) { | func GetOnePasswordItemByPath(ctx context.Context, opClient opclient.Client, path string) (*model.Item, error) { | ||||||
| 	vaultValue, itemValue, err := ParseVaultAndItemFromPath(path) | 	vaultNameOrID, itemNameOrID, err := ParseVaultAndItemFromPath(path) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| 	} | 	} | ||||||
| 	vaultId, err := getVaultId(opConnectClient, vaultValue) | 	vaultID, err := getVaultID(ctx, opClient, vaultNameOrID) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return nil, err | 		return nil, fmt.Errorf("failed to 'getVaultID' for vaultNameOrID='%s': %w", vaultNameOrID, err) | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	itemId, err := getItemId(opConnectClient, itemValue, vaultId) | 	itemID, err := getItemID(ctx, opClient, vaultID, itemNameOrID) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return nil, err | 		return nil, fmt.Errorf("faild to 'getItemID' for vaultID='%s' and itemNameOrID='%s': %w", vaultID, itemNameOrID, err) | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	item, err := opConnectClient.GetItem(itemId, vaultId) | 	item, err := opClient.GetItemByID(ctx, vaultID, itemID) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return nil, err | 		return nil, fmt.Errorf("faield to 'GetItemByID' for vaultID='%s' and itemID='%s': %w", vaultID, itemID, err) | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	for _, file := range item.Files { | 	for i, file := range item.Files { | ||||||
| 		_, err := opConnectClient.GetFileContent(file) | 		content, err := opClient.GetFileContent(ctx, vaultID, itemID, file.ID) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			return nil, err | 			return nil, err | ||||||
| 		} | 		} | ||||||
|  | 		item.Files[i].SetContent(content) | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	return item, nil | 	return item, nil | ||||||
| @@ -50,15 +52,15 @@ func ParseVaultAndItemFromPath(path string) (string, string, error) { | |||||||
| 	return "", "", fmt.Errorf("%q is not an acceptable path for One Password item. Must be of the format: `vaults/{vault_id}/items/{item_id}`", path) | 	return "", "", fmt.Errorf("%q is not an acceptable path for One Password item. Must be of the format: `vaults/{vault_id}/items/{item_id}`", path) | ||||||
| } | } | ||||||
|  |  | ||||||
| func getVaultId(client connect.Client, vaultIdentifier string) (string, error) { | func getVaultID(ctx context.Context, client opclient.Client, vaultNameOrID string) (string, error) { | ||||||
| 	if !IsValidClientUUID(vaultIdentifier) { | 	if !IsValidClientUUID(vaultNameOrID) { | ||||||
| 		vaults, err := client.GetVaultsByTitle(vaultIdentifier) | 		vaults, err := client.GetVaultsByTitle(ctx, vaultNameOrID) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			return "", err | 			return "", err | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 		if len(vaults) == 0 { | 		if len(vaults) == 0 { | ||||||
| 			return "", fmt.Errorf("No vaults found with identifier %q", vaultIdentifier) | 			return "", fmt.Errorf("No vaults found with identifier %q", vaultNameOrID) | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 		oldestVault := vaults[0] | 		oldestVault := vaults[0] | ||||||
| @@ -68,22 +70,22 @@ func getVaultId(client connect.Client, vaultIdentifier string) (string, error) { | |||||||
| 					oldestVault = returnedVault | 					oldestVault = returnedVault | ||||||
| 				} | 				} | ||||||
| 			} | 			} | ||||||
| 			logger.Info(fmt.Sprintf("%v 1Password vaults found with the title %q. Will use vault %q as it is the oldest.", len(vaults), vaultIdentifier, oldestVault.ID)) | 			logger.Info(fmt.Sprintf("%v 1Password vaults found with the title %q. Will use vault %q as it is the oldest.", len(vaults), vaultNameOrID, oldestVault.ID)) | ||||||
| 		} | 		} | ||||||
| 		vaultIdentifier = oldestVault.ID | 		vaultNameOrID = oldestVault.ID | ||||||
| 	} | 	} | ||||||
| 	return vaultIdentifier, nil | 	return vaultNameOrID, nil | ||||||
| } | } | ||||||
|  |  | ||||||
| func getItemId(client connect.Client, itemIdentifier string, vaultId string) (string, error) { | func getItemID(ctx context.Context, client opclient.Client, vaultId, itemNameOrID string) (string, error) { | ||||||
| 	if !IsValidClientUUID(itemIdentifier) { | 	if !IsValidClientUUID(itemNameOrID) { | ||||||
| 		items, err := client.GetItemsByTitle(itemIdentifier, vaultId) | 		items, err := client.GetItemsByTitle(ctx, vaultId, itemNameOrID) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			return "", err | 			return "", err | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 		if len(items) == 0 { | 		if len(items) == 0 { | ||||||
| 			return "", fmt.Errorf("No items found with identifier %q", itemIdentifier) | 			return "", fmt.Errorf("No items found with identifier %q", itemNameOrID) | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 		oldestItem := items[0] | 		oldestItem := items[0] | ||||||
| @@ -93,9 +95,9 @@ func getItemId(client connect.Client, itemIdentifier string, vaultId string) (st | |||||||
| 					oldestItem = returnedItem | 					oldestItem = returnedItem | ||||||
| 				} | 				} | ||||||
| 			} | 			} | ||||||
| 			logger.Info(fmt.Sprintf("%v 1Password items found with the title %q. Will use item %q as it is the oldest.", len(items), itemIdentifier, oldestItem.ID)) | 			logger.Info(fmt.Sprintf("%v 1Password items found with the title %q. Will use item %q as it is the oldest.", len(items), itemNameOrID, oldestItem.ID)) | ||||||
| 		} | 		} | ||||||
| 		itemIdentifier = oldestItem.ID | 		itemNameOrID = oldestItem.ID | ||||||
| 	} | 	} | ||||||
| 	return itemIdentifier, nil | 	return itemNameOrID, nil | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										27
									
								
								pkg/onepassword/model/file.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										27
									
								
								pkg/onepassword/model/file.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,27 @@ | |||||||
|  | package model | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"errors" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | // File represents a file stored in 1Password. | ||||||
|  | type File struct { | ||||||
|  | 	ID          string | ||||||
|  | 	Name        string | ||||||
|  | 	Size        int | ||||||
|  | 	ContentPath string | ||||||
|  | 	content     []byte | ||||||
|  | } | ||||||
|  |  | ||||||
|  | // Content returns the content of the file if they have been loaded and returns an error if they have not been loaded. | ||||||
|  | // Use `client.GetFileContent(file *File)` instead to make sure the content is fetched automatically if not present. | ||||||
|  | func (f *File) Content() ([]byte, error) { | ||||||
|  | 	if f.content == nil { | ||||||
|  | 		return nil, errors.New("file content not loaded") | ||||||
|  | 	} | ||||||
|  | 	return f.content, nil | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (f *File) SetContent(content []byte) { | ||||||
|  | 	f.content = content | ||||||
|  | } | ||||||
							
								
								
									
										94
									
								
								pkg/onepassword/model/item.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										94
									
								
								pkg/onepassword/model/item.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,94 @@ | |||||||
|  | package model | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"time" | ||||||
|  |  | ||||||
|  | 	connect "github.com/1Password/connect-sdk-go/onepassword" | ||||||
|  | 	sdk "github.com/1password/onepassword-sdk-go" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | // Item represents 1Password item. | ||||||
|  | type Item struct { | ||||||
|  | 	ID        string | ||||||
|  | 	VaultID   string | ||||||
|  | 	Version   int | ||||||
|  | 	Tags      []string | ||||||
|  | 	Fields    []ItemField | ||||||
|  | 	Files     []File | ||||||
|  | 	CreatedAt time.Time | ||||||
|  | } | ||||||
|  |  | ||||||
|  | // FromConnectItem populates the Item from a Connect item. | ||||||
|  | func (i *Item) FromConnectItem(item *connect.Item) { | ||||||
|  | 	i.ID = item.ID | ||||||
|  | 	i.VaultID = item.Vault.ID | ||||||
|  | 	i.Version = item.Version | ||||||
|  |  | ||||||
|  | 	for _, tag := range item.Tags { | ||||||
|  | 		i.Tags = append(i.Tags, tag) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for _, field := range item.Fields { | ||||||
|  | 		i.Fields = append(i.Fields, ItemField{ | ||||||
|  | 			Label: field.Label, | ||||||
|  | 			Value: field.Value, | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for _, file := range item.Files { | ||||||
|  | 		i.Files = append(i.Files, File{ | ||||||
|  | 			ID:   file.ID, | ||||||
|  | 			Name: file.Name, | ||||||
|  | 			Size: file.Size, | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	i.CreatedAt = item.CreatedAt | ||||||
|  | } | ||||||
|  |  | ||||||
|  | // FromSDKItem populates the Item from an SDK item. | ||||||
|  | func (i *Item) FromSDKItem(item *sdk.Item) { | ||||||
|  | 	i.ID = item.ID | ||||||
|  | 	i.VaultID = item.VaultID | ||||||
|  | 	i.Version = int(item.Version) | ||||||
|  |  | ||||||
|  | 	i.Tags = make([]string, len(item.Tags)) | ||||||
|  | 	copy(i.Tags, item.Tags) | ||||||
|  |  | ||||||
|  | 	for _, field := range item.Fields { | ||||||
|  | 		i.Fields = append(i.Fields, ItemField{ | ||||||
|  | 			Label: field.Title, | ||||||
|  | 			Value: field.Value, | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for _, file := range item.Files { | ||||||
|  | 		i.Files = append(i.Files, File{ | ||||||
|  | 			ID:   file.Attributes.ID, | ||||||
|  | 			Name: file.Attributes.Name, | ||||||
|  | 			Size: int(file.Attributes.Size), | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	// Items of 'Document' category keeps file information in the Document field. | ||||||
|  | 	if item.Category == sdk.ItemCategoryDocument { | ||||||
|  | 		i.Files = append(i.Files, File{ | ||||||
|  | 			ID:   item.Document.ID, | ||||||
|  | 			Name: item.Document.Name, | ||||||
|  | 			Size: int(item.Document.Size), | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	i.CreatedAt = item.CreatedAt | ||||||
|  | } | ||||||
|  |  | ||||||
|  | // FromSDKItemOverview populates the Item from an SDK item overview. | ||||||
|  | func (i *Item) FromSDKItemOverview(item *sdk.ItemOverview) { | ||||||
|  | 	i.ID = item.ID | ||||||
|  | 	i.VaultID = item.VaultID | ||||||
|  |  | ||||||
|  | 	i.Tags = make([]string, len(item.Tags)) | ||||||
|  | 	copy(i.Tags, item.Tags) | ||||||
|  |  | ||||||
|  | 	i.CreatedAt = item.CreatedAt | ||||||
|  | } | ||||||
							
								
								
									
										7
									
								
								pkg/onepassword/model/item_field.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								pkg/onepassword/model/item_field.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,7 @@ | |||||||
|  | package model | ||||||
|  |  | ||||||
|  | // ItemField Representation of a single field on an Item | ||||||
|  | type ItemField struct { | ||||||
|  | 	Label string | ||||||
|  | 	Value string | ||||||
|  | } | ||||||
							
								
								
									
										108
									
								
								pkg/onepassword/model/item_test.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										108
									
								
								pkg/onepassword/model/item_test.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,108 @@ | |||||||
|  | package model | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"testing" | ||||||
|  | 	"time" | ||||||
|  |  | ||||||
|  | 	"github.com/stretchr/testify/require" | ||||||
|  |  | ||||||
|  | 	connect "github.com/1Password/connect-sdk-go/onepassword" | ||||||
|  | 	sdk "github.com/1password/onepassword-sdk-go" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | func TestItem_FromConnectItem(t *testing.T) { | ||||||
|  | 	connectItem := &connect.Item{ | ||||||
|  | 		ID: "test-item-id", | ||||||
|  | 		Vault: connect.ItemVault{ | ||||||
|  | 			ID: "test-vault-id", | ||||||
|  | 		}, | ||||||
|  | 		Version: 1, | ||||||
|  | 		Tags:    []string{"tag1", "tag2"}, | ||||||
|  | 		Fields: []*connect.ItemField{ | ||||||
|  | 			{Label: "field1", Value: "value1"}, | ||||||
|  | 			{Label: "field2", Value: "value2"}, | ||||||
|  | 		}, | ||||||
|  | 		Files: []*connect.File{ | ||||||
|  | 			{ID: "file1", Name: "file1.txt", Size: 1234}, | ||||||
|  | 			{ID: "file2", Name: "file2.txt", Size: 1234}, | ||||||
|  | 		}, | ||||||
|  | 		CreatedAt: time.Now(), | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	item := &Item{} | ||||||
|  | 	item.FromConnectItem(connectItem) | ||||||
|  |  | ||||||
|  | 	require.Equal(t, connectItem.ID, item.ID) | ||||||
|  | 	require.Equal(t, connectItem.Vault.ID, item.VaultID) | ||||||
|  | 	require.Equal(t, connectItem.Version, item.Version) | ||||||
|  | 	require.ElementsMatch(t, connectItem.Tags, item.Tags) | ||||||
|  |  | ||||||
|  | 	for i, field := range connectItem.Fields { | ||||||
|  | 		require.Equal(t, field.Label, item.Fields[i].Label) | ||||||
|  | 		require.Equal(t, field.Value, item.Fields[i].Value) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for i, file := range connectItem.Files { | ||||||
|  | 		require.Equal(t, file.ID, item.Files[i].ID) | ||||||
|  | 		require.Equal(t, file.Name, item.Files[i].Name) | ||||||
|  | 		require.Equal(t, file.Size, item.Files[i].Size) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	require.Equal(t, connectItem.CreatedAt, item.CreatedAt) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func TestItem_FromSDKItem(t *testing.T) { | ||||||
|  | 	sdkItem := &sdk.Item{ | ||||||
|  | 		ID:      "test-item-id", | ||||||
|  | 		VaultID: "test-vault-id", | ||||||
|  | 		Version: 1, | ||||||
|  | 		Tags:    []string{"tag1", "tag2"}, | ||||||
|  | 		Fields: []sdk.ItemField{ | ||||||
|  | 			{ID: "1", Title: "field1", Value: "value1"}, | ||||||
|  | 			{ID: "2", Title: "field2", Value: "value2"}, | ||||||
|  | 		}, | ||||||
|  | 		Files: []sdk.ItemFile{ | ||||||
|  | 			{Attributes: sdk.FileAttributes{Name: "file1.txt", Size: 1234}, FieldID: "file1"}, | ||||||
|  | 			{Attributes: sdk.FileAttributes{Name: "file2.txt", Size: 1234}, FieldID: "file2"}, | ||||||
|  | 		}, | ||||||
|  | 		CreatedAt: time.Now(), | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	item := &Item{} | ||||||
|  | 	item.FromSDKItem(sdkItem) | ||||||
|  |  | ||||||
|  | 	require.Equal(t, sdkItem.ID, item.ID) | ||||||
|  | 	require.Equal(t, sdkItem.VaultID, item.VaultID) | ||||||
|  | 	require.Equal(t, int(sdkItem.Version), item.Version) | ||||||
|  | 	require.ElementsMatch(t, sdkItem.Tags, item.Tags) | ||||||
|  |  | ||||||
|  | 	for i, field := range sdkItem.Fields { | ||||||
|  | 		require.Equal(t, field.Title, item.Fields[i].Label) | ||||||
|  | 		require.Equal(t, field.Value, item.Fields[i].Value) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for i, file := range sdkItem.Files { | ||||||
|  | 		require.Equal(t, file.Attributes.ID, item.Files[i].ID) | ||||||
|  | 		require.Equal(t, file.Attributes.Name, item.Files[i].Name) | ||||||
|  | 		require.Equal(t, int(file.Attributes.Size), item.Files[i].Size) | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	require.Equal(t, sdkItem.CreatedAt, item.CreatedAt) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func TestItem_FromSDKItemOverview(t *testing.T) { | ||||||
|  | 	sdkItemOverview := &sdk.ItemOverview{ | ||||||
|  | 		ID:        "test-item-id", | ||||||
|  | 		VaultID:   "test-vault-id", | ||||||
|  | 		Tags:      []string{"tag1", "tag2"}, | ||||||
|  | 		CreatedAt: time.Now(), | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	item := &Item{} | ||||||
|  | 	item.FromSDKItemOverview(sdkItemOverview) | ||||||
|  |  | ||||||
|  | 	require.Equal(t, sdkItemOverview.ID, item.ID) | ||||||
|  | 	require.Equal(t, sdkItemOverview.VaultID, item.VaultID) | ||||||
|  | 	require.ElementsMatch(t, sdkItemOverview.Tags, item.Tags) | ||||||
|  | 	require.Equal(t, sdkItemOverview.CreatedAt, item.CreatedAt) | ||||||
|  | } | ||||||
							
								
								
									
										23
									
								
								pkg/onepassword/model/vault.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										23
									
								
								pkg/onepassword/model/vault.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,23 @@ | |||||||
|  | package model | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"time" | ||||||
|  |  | ||||||
|  | 	connect "github.com/1Password/connect-sdk-go/onepassword" | ||||||
|  | 	sdk "github.com/1password/onepassword-sdk-go" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | type Vault struct { | ||||||
|  | 	ID        string | ||||||
|  | 	CreatedAt time.Time | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (v *Vault) FromConnectVault(vault *connect.Vault) { | ||||||
|  | 	v.ID = vault.ID | ||||||
|  | 	v.CreatedAt = vault.CreatedAt | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func (v *Vault) FromSDKVault(vault *sdk.VaultOverview) { | ||||||
|  | 	v.ID = vault.ID | ||||||
|  | 	v.CreatedAt = vault.CreatedAt | ||||||
|  | } | ||||||
							
								
								
									
										37
									
								
								pkg/onepassword/model/vault_test.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										37
									
								
								pkg/onepassword/model/vault_test.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,37 @@ | |||||||
|  | package model | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"testing" | ||||||
|  | 	"time" | ||||||
|  |  | ||||||
|  | 	"github.com/stretchr/testify/require" | ||||||
|  |  | ||||||
|  | 	connect "github.com/1Password/connect-sdk-go/onepassword" | ||||||
|  | 	sdk "github.com/1password/onepassword-sdk-go" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | func TestVault_FromConnectVault(t *testing.T) { | ||||||
|  | 	connectVault := &connect.Vault{ | ||||||
|  | 		ID:        "test-id", | ||||||
|  | 		CreatedAt: time.Now(), | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	vault := &Vault{} | ||||||
|  | 	vault.FromConnectVault(connectVault) | ||||||
|  |  | ||||||
|  | 	require.Equal(t, connectVault.ID, vault.ID) | ||||||
|  | 	require.Equal(t, connectVault.CreatedAt, vault.CreatedAt) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func TestVault_FromSDKVault(t *testing.T) { | ||||||
|  | 	sdkVault := &sdk.VaultOverview{ | ||||||
|  | 		ID:        "test-id", | ||||||
|  | 		CreatedAt: time.Now(), | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	vault := &Vault{} | ||||||
|  | 	vault.FromSDKVault(sdkVault) | ||||||
|  |  | ||||||
|  | 	require.Equal(t, sdkVault.ID, vault.ID) | ||||||
|  | 	require.Equal(t, sdkVault.CreatedAt, vault.CreatedAt) | ||||||
|  | } | ||||||
| @@ -17,6 +17,29 @@ func generateVolumes(names []string) []corev1.Volume { | |||||||
| 	} | 	} | ||||||
| 	return volumes | 	return volumes | ||||||
| } | } | ||||||
|  | func generateVolumesProjected(names []string) corev1.Volume { | ||||||
|  | 	volumesProjection := []corev1.VolumeProjection{} | ||||||
|  | 	for i := 0; i < len(names); i++ { | ||||||
|  | 		volumeProjection := corev1.VolumeProjection{ | ||||||
|  | 			Secret: &corev1.SecretProjection{ | ||||||
|  | 				LocalObjectReference: corev1.LocalObjectReference{ | ||||||
|  | 					Name: names[i], | ||||||
|  | 				}, | ||||||
|  | 			}, | ||||||
|  | 		} | ||||||
|  | 		volumesProjection = append(volumesProjection, volumeProjection) | ||||||
|  | 	} | ||||||
|  | 	volume := corev1.Volume{ | ||||||
|  | 		Name: "someName", | ||||||
|  | 		VolumeSource: corev1.VolumeSource{ | ||||||
|  | 			Projected: &corev1.ProjectedVolumeSource{ | ||||||
|  | 				Sources: volumesProjection, | ||||||
|  | 			}, | ||||||
|  | 		}, | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return volume | ||||||
|  | } | ||||||
| func generateContainersWithSecretRefsFromEnv(names []string) []corev1.Container { | func generateContainersWithSecretRefsFromEnv(names []string) []corev1.Container { | ||||||
| 	containers := []corev1.Container{} | 	containers := []corev1.Container{} | ||||||
| 	for i := 0; i < len(names); i++ { | 	for i := 0; i < len(names); i++ { | ||||||
|   | |||||||
| @@ -7,10 +7,11 @@ import ( | |||||||
|  |  | ||||||
| 	onepasswordv1 "github.com/1Password/onepassword-operator/api/v1" | 	onepasswordv1 "github.com/1Password/onepassword-operator/api/v1" | ||||||
| 	kubeSecrets "github.com/1Password/onepassword-operator/pkg/kubernetessecrets" | 	kubeSecrets "github.com/1Password/onepassword-operator/pkg/kubernetessecrets" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/logs" | ||||||
|  | 	opclient "github.com/1Password/onepassword-operator/pkg/onepassword/client" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
| 	"github.com/1Password/onepassword-operator/pkg/utils" | 	"github.com/1Password/onepassword-operator/pkg/utils" | ||||||
|  |  | ||||||
| 	"github.com/1Password/connect-sdk-go/connect" |  | ||||||
| 	"github.com/1Password/connect-sdk-go/onepassword" |  | ||||||
| 	appsv1 "k8s.io/api/apps/v1" | 	appsv1 "k8s.io/api/apps/v1" | ||||||
| 	corev1 "k8s.io/api/core/v1" | 	corev1 "k8s.io/api/core/v1" | ||||||
| 	"sigs.k8s.io/controller-runtime/pkg/client" | 	"sigs.k8s.io/controller-runtime/pkg/client" | ||||||
| @@ -22,37 +23,37 @@ const lockTag = "operator.1password.io:ignore-secret" | |||||||
|  |  | ||||||
| var log = logf.Log.WithName("update_op_kubernetes_secrets_task") | var log = logf.Log.WithName("update_op_kubernetes_secrets_task") | ||||||
|  |  | ||||||
| func NewManager(kubernetesClient client.Client, opConnectClient connect.Client, shouldAutoRestartDeploymentsGlobal bool) *SecretUpdateHandler { | func NewManager(kubernetesClient client.Client, opClient opclient.Client, shouldAutoRestartDeploymentsGlobal bool) *SecretUpdateHandler { | ||||||
| 	return &SecretUpdateHandler{ | 	return &SecretUpdateHandler{ | ||||||
| 		client:                             kubernetesClient, | 		client:                             kubernetesClient, | ||||||
| 		opConnectClient:                    opConnectClient, | 		opClient:                           opClient, | ||||||
| 		shouldAutoRestartDeploymentsGlobal: shouldAutoRestartDeploymentsGlobal, | 		shouldAutoRestartDeploymentsGlobal: shouldAutoRestartDeploymentsGlobal, | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
|  |  | ||||||
| type SecretUpdateHandler struct { | type SecretUpdateHandler struct { | ||||||
| 	client                             client.Client | 	client                             client.Client | ||||||
| 	opConnectClient                    connect.Client | 	opClient                           opclient.Client | ||||||
| 	shouldAutoRestartDeploymentsGlobal bool | 	shouldAutoRestartDeploymentsGlobal bool | ||||||
| } | } | ||||||
|  |  | ||||||
| func (h *SecretUpdateHandler) UpdateKubernetesSecretsTask() error { | func (h *SecretUpdateHandler) UpdateKubernetesSecretsTask(ctx context.Context) error { | ||||||
| 	updatedKubernetesSecrets, err := h.updateKubernetesSecrets() | 	updatedKubernetesSecrets, err := h.updateKubernetesSecrets(ctx) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	return h.restartDeploymentsWithUpdatedSecrets(updatedKubernetesSecrets) | 	return h.restartDeploymentsWithUpdatedSecrets(ctx, updatedKubernetesSecrets) | ||||||
| } | } | ||||||
|  |  | ||||||
| func (h *SecretUpdateHandler) restartDeploymentsWithUpdatedSecrets(updatedSecretsByNamespace map[string]map[string]*corev1.Secret) error { | func (h *SecretUpdateHandler) restartDeploymentsWithUpdatedSecrets(ctx context.Context, updatedSecretsByNamespace map[string]map[string]*corev1.Secret) error { | ||||||
| 	// No secrets to update. Exit | 	// No secrets to update. Exit | ||||||
| 	if len(updatedSecretsByNamespace) == 0 || updatedSecretsByNamespace == nil { | 	if len(updatedSecretsByNamespace) == 0 || updatedSecretsByNamespace == nil { | ||||||
| 		return nil | 		return nil | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	deployments := &appsv1.DeploymentList{} | 	deployments := &appsv1.DeploymentList{} | ||||||
| 	err := h.client.List(context.Background(), deployments) | 	err := h.client.List(ctx, deployments) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		log.Error(err, "Failed to list kubernetes deployments") | 		log.Error(err, "Failed to list kubernetes deployments") | ||||||
| 		return err | 		return err | ||||||
| @@ -62,7 +63,7 @@ func (h *SecretUpdateHandler) restartDeploymentsWithUpdatedSecrets(updatedSecret | |||||||
| 		return nil | 		return nil | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	setForAutoRestartByNamespaceMap, err := h.getIsSetForAutoRestartByNamespaceMap() | 	setForAutoRestartByNamespaceMap, err := h.getIsSetForAutoRestartByNamespaceMap(ctx) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
| @@ -77,32 +78,32 @@ func (h *SecretUpdateHandler) restartDeploymentsWithUpdatedSecrets(updatedSecret | |||||||
| 		} | 		} | ||||||
| 		for _, secret := range updatedDeploymentSecrets { | 		for _, secret := range updatedDeploymentSecrets { | ||||||
| 			if isSecretSetForAutoRestart(secret, deployment, setForAutoRestartByNamespaceMap) { | 			if isSecretSetForAutoRestart(secret, deployment, setForAutoRestartByNamespaceMap) { | ||||||
| 				h.restartDeployment(deployment) | 				h.restartDeployment(ctx, deployment) | ||||||
| 				continue | 				continue | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 		log.Info(fmt.Sprintf("Deployment %q at namespace %q is up to date", deployment.GetName(), deployment.Namespace)) | 		log.V(logs.DebugLevel).Info(fmt.Sprintf("Deployment %q at namespace %q is up to date", deployment.GetName(), deployment.Namespace)) | ||||||
|  |  | ||||||
| 	} | 	} | ||||||
| 	return nil | 	return nil | ||||||
| } | } | ||||||
|  |  | ||||||
| func (h *SecretUpdateHandler) restartDeployment(deployment *appsv1.Deployment) { | func (h *SecretUpdateHandler) restartDeployment(ctx context.Context, deployment *appsv1.Deployment) { | ||||||
| 	log.Info(fmt.Sprintf("Deployment %q at namespace %q references an updated secret. Restarting", deployment.GetName(), deployment.Namespace)) | 	log.Info(fmt.Sprintf("Deployment %q at namespace %q references an updated secret. Restarting", deployment.GetName(), deployment.Namespace)) | ||||||
| 	if deployment.Spec.Template.Annotations == nil { | 	if deployment.Spec.Template.Annotations == nil { | ||||||
| 		deployment.Spec.Template.Annotations = map[string]string{} | 		deployment.Spec.Template.Annotations = map[string]string{} | ||||||
| 	} | 	} | ||||||
| 	deployment.Spec.Template.Annotations[RestartAnnotation] = time.Now().String() | 	deployment.Spec.Template.Annotations[RestartAnnotation] = time.Now().String() | ||||||
| 	err := h.client.Update(context.Background(), deployment) | 	err := h.client.Update(ctx, deployment) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		log.Error(err, "Problem restarting deployment") | 		log.Error(err, "Problem restarting deployment") | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
|  |  | ||||||
| func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]*corev1.Secret, error) { | func (h *SecretUpdateHandler) updateKubernetesSecrets(ctx context.Context) (map[string]map[string]*corev1.Secret, error) { | ||||||
| 	secrets := &corev1.SecretList{} | 	secrets := &corev1.SecretList{} | ||||||
| 	err := h.client.List(context.Background(), secrets) | 	err := h.client.List(ctx, secrets) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		log.Error(err, "Failed to list kubernetes secrets") | 		log.Error(err, "Failed to list kubernetes secrets") | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -120,22 +121,22 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]* | |||||||
|  |  | ||||||
| 		OnePasswordItemPath := h.getPathFromOnePasswordItem(secret) | 		OnePasswordItemPath := h.getPathFromOnePasswordItem(secret) | ||||||
|  |  | ||||||
| 		item, err := GetOnePasswordItemByPath(h.opConnectClient, OnePasswordItemPath) | 		item, err := GetOnePasswordItemByPath(ctx, h.opClient, OnePasswordItemPath) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			log.Error(err, "failed to retrieve 1Password item at path \"%s\" for secret \"%s\"", secret.Annotations[ItemPathAnnotation], secret.Name) | 			log.Error(err, fmt.Sprintf("failed to retrieve 1Password item at path %s for secret %s", secret.Annotations[ItemPathAnnotation], secret.Name)) | ||||||
| 			continue | 			continue | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 		itemVersion := fmt.Sprint(item.Version) | 		itemVersion := fmt.Sprint(item.Version) | ||||||
| 		itemPathString := fmt.Sprintf("vaults/%v/items/%v", item.Vault.ID, item.ID) | 		itemPathString := fmt.Sprintf("vaults/%v/items/%v", item.VaultID, item.ID) | ||||||
|  |  | ||||||
| 		if currentVersion != itemVersion || secret.Annotations[ItemPathAnnotation] != itemPathString { | 		if currentVersion != itemVersion || secret.Annotations[ItemPathAnnotation] != itemPathString { | ||||||
| 			if isItemLockedForForcedRestarts(item) { | 			if isItemLockedForForcedRestarts(item) { | ||||||
| 				log.Info(fmt.Sprintf("Secret '%v' has been updated in 1Password but is set to be ignored. Updates to an ignored secret will not trigger an update to a kubernetes secret or a rolling restart.", secret.GetName())) | 				log.V(logs.DebugLevel).Info(fmt.Sprintf("Secret '%v' has been updated in 1Password but is set to be ignored. Updates to an ignored secret will not trigger an update to a kubernetes secret or a rolling restart.", secret.GetName())) | ||||||
| 				secret.Annotations[VersionAnnotation] = itemVersion | 				secret.Annotations[VersionAnnotation] = itemVersion | ||||||
| 				secret.Annotations[ItemPathAnnotation] = itemPathString | 				secret.Annotations[ItemPathAnnotation] = itemPathString | ||||||
| 				if err := h.client.Update(context.Background(), &secret); err != nil { | 				if err := h.client.Update(ctx, &secret); err != nil { | ||||||
| 					log.Error(err, "failed to update secret %s annotations to version %d: %s", secret.Name, itemVersion, err) | 					log.Error(err, fmt.Sprintf("failed to update secret %s annotations to version %s", secret.Name, itemVersion)) | ||||||
| 					continue | 					continue | ||||||
| 				} | 				} | ||||||
| 				continue | 				continue | ||||||
| @@ -144,9 +145,9 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]* | |||||||
| 			secret.Annotations[VersionAnnotation] = itemVersion | 			secret.Annotations[VersionAnnotation] = itemVersion | ||||||
| 			secret.Annotations[ItemPathAnnotation] = itemPathString | 			secret.Annotations[ItemPathAnnotation] = itemPathString | ||||||
| 			secret.Data = kubeSecrets.BuildKubernetesSecretData(item.Fields, item.Files) | 			secret.Data = kubeSecrets.BuildKubernetesSecretData(item.Fields, item.Files) | ||||||
| 			log.Info(fmt.Sprintf("New secret path: %v and version: %v", secret.Annotations[ItemPathAnnotation], secret.Annotations[VersionAnnotation])) | 			log.V(logs.DebugLevel).Info(fmt.Sprintf("New secret path: %v and version: %v", secret.Annotations[ItemPathAnnotation], secret.Annotations[VersionAnnotation])) | ||||||
| 			if err := h.client.Update(context.Background(), &secret); err != nil { | 			if err := h.client.Update(ctx, &secret); err != nil { | ||||||
| 				log.Error(err, "failed to update secret %s to version %d: %s", secret.Name, itemVersion, err) | 				log.Error(err, fmt.Sprintf("failed to update secret %s to version %s", secret.Name, itemVersion)) | ||||||
| 				continue | 				continue | ||||||
| 			} | 			} | ||||||
| 			if updatedSecrets[secret.Namespace] == nil { | 			if updatedSecrets[secret.Namespace] == nil { | ||||||
| @@ -158,7 +159,7 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]* | |||||||
| 	return updatedSecrets, nil | 	return updatedSecrets, nil | ||||||
| } | } | ||||||
|  |  | ||||||
| func isItemLockedForForcedRestarts(item *onepassword.Item) bool { | func isItemLockedForForcedRestarts(item *model.Item) bool { | ||||||
| 	tags := item.Tags | 	tags := item.Tags | ||||||
| 	for i := 0; i < len(tags); i++ { | 	for i := 0; i < len(tags); i++ { | ||||||
| 		if tags[i] == lockTag { | 		if tags[i] == lockTag { | ||||||
| @@ -176,9 +177,9 @@ func isUpdatedSecret(secretName string, updatedSecrets map[string]*corev1.Secret | |||||||
| 	return false | 	return false | ||||||
| } | } | ||||||
|  |  | ||||||
| func (h *SecretUpdateHandler) getIsSetForAutoRestartByNamespaceMap() (map[string]bool, error) { | func (h *SecretUpdateHandler) getIsSetForAutoRestartByNamespaceMap(ctx context.Context) (map[string]bool, error) { | ||||||
| 	namespaces := &corev1.NamespaceList{} | 	namespaces := &corev1.NamespaceList{} | ||||||
| 	err := h.client.List(context.Background(), namespaces) | 	err := h.client.List(ctx, namespaces) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		log.Error(err, "Failed to list kubernetes namespaces") | 		log.Error(err, "Failed to list kubernetes namespaces") | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -217,7 +218,7 @@ func isSecretSetForAutoRestart(secret *corev1.Secret, deployment *appsv1.Deploym | |||||||
|  |  | ||||||
| 	restartDeploymentBool, err := utils.StringToBool(restartDeployment) | 	restartDeploymentBool, err := utils.StringToBool(restartDeployment) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		log.Error(err, "Error parsing %v annotation on Secret %v. Must be true or false. Defaulting to false.", RestartDeploymentsAnnotation, secret.Name) | 		log.Error(err, fmt.Sprintf("Error parsing %s annotation on Secret %s. Must be true or false. Defaulting to false.", RestartDeploymentsAnnotation, secret.Name)) | ||||||
| 		return false | 		return false | ||||||
| 	} | 	} | ||||||
| 	return restartDeploymentBool | 	return restartDeploymentBool | ||||||
| @@ -232,7 +233,7 @@ func isDeploymentSetForAutoRestart(deployment *appsv1.Deployment, setForAutoRest | |||||||
|  |  | ||||||
| 	restartDeploymentBool, err := utils.StringToBool(restartDeployment) | 	restartDeploymentBool, err := utils.StringToBool(restartDeployment) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		log.Error(err, "Error parsing %v annotation on Deployment %v. Must be true or false. Defaulting to false.", RestartDeploymentsAnnotation, deployment.Name) | 		log.Error(err, fmt.Sprintf("Error parsing %s annotation on Deployment %s. Must be true or false. Defaulting to false.", RestartDeploymentsAnnotation, deployment.Name)) | ||||||
| 		return false | 		return false | ||||||
| 	} | 	} | ||||||
| 	return restartDeploymentBool | 	return restartDeploymentBool | ||||||
| @@ -247,7 +248,7 @@ func (h *SecretUpdateHandler) isNamespaceSetToAutoRestart(namespace *corev1.Name | |||||||
|  |  | ||||||
| 	restartDeploymentBool, err := utils.StringToBool(restartDeployment) | 	restartDeploymentBool, err := utils.StringToBool(restartDeployment) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		log.Error(err, "Error parsing %v annotation on Namespace %v. Must be true or false. Defaulting to false.", RestartDeploymentsAnnotation, namespace.Name) | 		log.Error(err, fmt.Sprintf("Error parsing %s annotation on Namespace %s. Must be true or false. Defaulting to false.", RestartDeploymentsAnnotation, namespace.Name)) | ||||||
| 		return false | 		return false | ||||||
| 	} | 	} | ||||||
| 	return restartDeploymentBool | 	return restartDeploymentBool | ||||||
|   | |||||||
| @@ -4,11 +4,14 @@ import ( | |||||||
| 	"context" | 	"context" | ||||||
| 	"fmt" | 	"fmt" | ||||||
| 	"testing" | 	"testing" | ||||||
|  | 	"time" | ||||||
|  |  | ||||||
|  | 	"github.com/stretchr/testify/assert" | ||||||
|  | 	"github.com/stretchr/testify/mock" | ||||||
|  |  | ||||||
| 	"github.com/1Password/onepassword-operator/pkg/mocks" | 	"github.com/1Password/onepassword-operator/pkg/mocks" | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/onepassword/model" | ||||||
|  |  | ||||||
| 	"github.com/1Password/connect-sdk-go/onepassword" |  | ||||||
| 	"github.com/stretchr/testify/assert" |  | ||||||
| 	appsv1 "k8s.io/api/apps/v1" | 	appsv1 "k8s.io/api/apps/v1" | ||||||
| 	corev1 "k8s.io/api/core/v1" | 	corev1 "k8s.io/api/core/v1" | ||||||
| 	errors2 "k8s.io/apimachinery/pkg/api/errors" | 	errors2 "k8s.io/apimachinery/pkg/api/errors" | ||||||
| @@ -784,7 +787,7 @@ var tests = []testUpdateSecretTask{ | |||||||
| func TestUpdateSecretHandler(t *testing.T) { | func TestUpdateSecretHandler(t *testing.T) { | ||||||
| 	for _, testData := range tests { | 	for _, testData := range tests { | ||||||
| 		t.Run(testData.testName, func(t *testing.T) { | 		t.Run(testData.testName, func(t *testing.T) { | ||||||
|  | 			ctx := context.Background() | ||||||
| 			// Register operator types with the runtime scheme. | 			// Register operator types with the runtime scheme. | ||||||
| 			s := scheme.Scheme | 			s := scheme.Scheme | ||||||
| 			s.AddKnownTypes(appsv1.SchemeGroupVersion, testData.existingDeployment) | 			s.AddKnownTypes(appsv1.SchemeGroupVersion, testData.existingDeployment) | ||||||
| @@ -802,23 +805,15 @@ func TestUpdateSecretHandler(t *testing.T) { | |||||||
| 			// Create a fake client to mock API calls. | 			// Create a fake client to mock API calls. | ||||||
| 			cl := fake.NewClientBuilder().WithScheme(s).WithRuntimeObjects(objs...).Build() | 			cl := fake.NewClientBuilder().WithScheme(s).WithRuntimeObjects(objs...).Build() | ||||||
|  |  | ||||||
| 			opConnectClient := &mocks.TestClient{} | 			mockOpClient := &mocks.TestClient{} | ||||||
| 			mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { | 			mockOpClient.On("GetItemByID", mock.Anything, mock.Anything).Return(createItem(), nil) | ||||||
|  |  | ||||||
| 				item := onepassword.Item{} |  | ||||||
| 				item.Fields = generateFields(testData.opItem["username"], testData.opItem["password"]) |  | ||||||
| 				item.Version = itemVersion |  | ||||||
| 				item.Vault.ID = vaultUUID |  | ||||||
| 				item.ID = uuid |  | ||||||
| 				return &item, nil |  | ||||||
| 			} |  | ||||||
| 			h := &SecretUpdateHandler{ | 			h := &SecretUpdateHandler{ | ||||||
| 				client:                             cl, | 				client:                             cl, | ||||||
| 				opConnectClient:                    opConnectClient, | 				opClient:                           mockOpClient, | ||||||
| 				shouldAutoRestartDeploymentsGlobal: testData.globalAutoRestartEnabled, | 				shouldAutoRestartDeploymentsGlobal: testData.globalAutoRestartEnabled, | ||||||
| 			} | 			} | ||||||
|  |  | ||||||
| 			err := h.UpdateKubernetesSecretsTask() | 			err := h.UpdateKubernetesSecretsTask(ctx) | ||||||
|  |  | ||||||
| 			assert.Equal(t, testData.expectedError, err) | 			assert.Equal(t, testData.expectedError, err) | ||||||
|  |  | ||||||
| @@ -831,7 +826,7 @@ func TestUpdateSecretHandler(t *testing.T) { | |||||||
|  |  | ||||||
| 			// Check if Secret has been created and has the correct data | 			// Check if Secret has been created and has the correct data | ||||||
| 			secret := &corev1.Secret{} | 			secret := &corev1.Secret{} | ||||||
| 			err = cl.Get(context.TODO(), types.NamespacedName{Name: expectedSecretName, Namespace: namespace}, secret) | 			err = cl.Get(ctx, types.NamespacedName{Name: expectedSecretName, Namespace: namespace}, secret) | ||||||
|  |  | ||||||
| 			if testData.expectedResultSecret == nil { | 			if testData.expectedResultSecret == nil { | ||||||
| 				assert.Error(t, err) | 				assert.Error(t, err) | ||||||
| @@ -845,7 +840,7 @@ func TestUpdateSecretHandler(t *testing.T) { | |||||||
|  |  | ||||||
| 			//check if deployment has been restarted | 			//check if deployment has been restarted | ||||||
| 			deployment := &appsv1.Deployment{} | 			deployment := &appsv1.Deployment{} | ||||||
| 			err = cl.Get(context.TODO(), types.NamespacedName{Name: testData.existingDeployment.Name, Namespace: namespace}, deployment) | 			err = cl.Get(ctx, types.NamespacedName{Name: testData.existingDeployment.Name, Namespace: namespace}, deployment) | ||||||
|  |  | ||||||
| 			_, ok := deployment.Spec.Template.Annotations[RestartAnnotation] | 			_, ok := deployment.Spec.Template.Annotations[RestartAnnotation] | ||||||
| 			if ok { | 			if ok { | ||||||
| @@ -879,16 +874,23 @@ func TestIsUpdatedSecret(t *testing.T) { | |||||||
| 	assert.True(t, isUpdatedSecret(secretName, updatedSecrets)) | 	assert.True(t, isUpdatedSecret(secretName, updatedSecrets)) | ||||||
| } | } | ||||||
|  |  | ||||||
| func generateFields(username, password string) []*onepassword.ItemField { | func createItem() *model.Item { | ||||||
| 	fields := []*onepassword.ItemField{ | 	return &model.Item{ | ||||||
| 		{ | 		ID:      itemId, | ||||||
| 			Label: "username", | 		VaultID: vaultId, | ||||||
| 			Value: username, | 		Version: itemVersion, | ||||||
| 		}, | 		Tags:    []string{"tag1", "tag2"}, | ||||||
| 		{ | 		Fields: []model.ItemField{ | ||||||
| 			Label: "password", | 			{ | ||||||
| 			Value: password, | 				Label: "username", | ||||||
|  | 				Value: username, | ||||||
|  | 			}, | ||||||
|  | 			{ | ||||||
|  | 				Label: "password", | ||||||
|  | 				Value: password, | ||||||
|  | 			}, | ||||||
| 		}, | 		}, | ||||||
|  | 		Files:     []model.File{}, | ||||||
|  | 		CreatedAt: time.Now(), | ||||||
| 	} | 	} | ||||||
| 	return fields |  | ||||||
| } | } | ||||||
|   | |||||||
| @@ -4,26 +4,55 @@ import corev1 "k8s.io/api/core/v1" | |||||||
|  |  | ||||||
| func AreVolumesUsingSecrets(volumes []corev1.Volume, secrets map[string]*corev1.Secret) bool { | func AreVolumesUsingSecrets(volumes []corev1.Volume, secrets map[string]*corev1.Secret) bool { | ||||||
| 	for i := 0; i < len(volumes); i++ { | 	for i := 0; i < len(volumes); i++ { | ||||||
| 		if secret := volumes[i].Secret; secret != nil { | 		secret := IsVolumeUsingSecret(volumes[i], secrets) | ||||||
| 			secretName := secret.SecretName | 		secretProjection := IsVolumeUsingSecretProjection(volumes[i], secrets) | ||||||
| 			_, ok := secrets[secretName] | 		if secret == nil && secretProjection == nil { | ||||||
| 			if ok { | 			return false | ||||||
| 				return true |  | ||||||
| 			} |  | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 	return false | 	if len(volumes) == 0 { | ||||||
|  | 		return false | ||||||
|  | 	} | ||||||
|  | 	return true | ||||||
| } | } | ||||||
|  |  | ||||||
| func AppendUpdatedVolumeSecrets(volumes []corev1.Volume, secrets map[string]*corev1.Secret, updatedDeploymentSecrets map[string]*corev1.Secret) map[string]*corev1.Secret { | func AppendUpdatedVolumeSecrets(volumes []corev1.Volume, secrets map[string]*corev1.Secret, updatedDeploymentSecrets map[string]*corev1.Secret) map[string]*corev1.Secret { | ||||||
| 	for i := 0; i < len(volumes); i++ { | 	for i := 0; i < len(volumes); i++ { | ||||||
| 		if secret := volumes[i].Secret; secret != nil { | 		secret := IsVolumeUsingSecret(volumes[i], secrets) | ||||||
| 			secretName := secret.SecretName | 		if secret != nil { | ||||||
| 			secret, ok := secrets[secretName] | 			updatedDeploymentSecrets[secret.Name] = secret | ||||||
| 			if ok { | 		} else { | ||||||
| 				updatedDeploymentSecrets[secret.Name] = secret | 			secretProjection := IsVolumeUsingSecretProjection(volumes[i], secrets) | ||||||
|  | 			if secretProjection != nil { | ||||||
|  | 				updatedDeploymentSecrets[secretProjection.Name] = secretProjection | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 	return updatedDeploymentSecrets | 	return updatedDeploymentSecrets | ||||||
| } | } | ||||||
|  |  | ||||||
|  | func IsVolumeUsingSecret(volume corev1.Volume, secrets map[string]*corev1.Secret) *corev1.Secret { | ||||||
|  | 	if secret := volume.Secret; secret != nil { | ||||||
|  | 		secretName := secret.SecretName | ||||||
|  | 		secretFound, ok := secrets[secretName] | ||||||
|  | 		if ok { | ||||||
|  | 			return secretFound | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
|  | 	return nil | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func IsVolumeUsingSecretProjection(volume corev1.Volume, secrets map[string]*corev1.Secret) *corev1.Secret { | ||||||
|  | 	if volume.Projected != nil { | ||||||
|  | 		for i := 0; i < len(volume.Projected.Sources); i++ { | ||||||
|  | 			if secret := volume.Projected.Sources[i].Secret; secret != nil { | ||||||
|  | 				secretName := secret.Name | ||||||
|  | 				secretFound, ok := secrets[secretName] | ||||||
|  | 				if ok { | ||||||
|  | 					return secretFound | ||||||
|  | 				} | ||||||
|  | 			} | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
|  | 	return nil | ||||||
|  | } | ||||||
|   | |||||||
| @@ -8,18 +8,28 @@ import ( | |||||||
|  |  | ||||||
| func TestAreVolmesUsingSecrets(t *testing.T) { | func TestAreVolmesUsingSecrets(t *testing.T) { | ||||||
| 	secretNamesToSearch := map[string]*corev1.Secret{ | 	secretNamesToSearch := map[string]*corev1.Secret{ | ||||||
| 		"onepassword-database-secret": {}, | 		"onepassword-database-secret":  {}, | ||||||
| 		"onepassword-api-key":         {}, | 		"onepassword-api-key":          {}, | ||||||
|  | 		"onepassword-app-token":        {}, | ||||||
|  | 		"onepassword-user-credentials": {}, | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	volumeSecretNames := []string{ | 	volumeSecretNames := []string{ | ||||||
| 		"onepassword-database-secret", | 		"onepassword-database-secret", | ||||||
| 		"onepassword-api-key", | 		"onepassword-api-key", | ||||||
| 		"some_other_key", |  | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	volumes := generateVolumes(volumeSecretNames) | 	volumes := generateVolumes(volumeSecretNames) | ||||||
|  |  | ||||||
|  | 	volumeProjectedSecretNames := []string{ | ||||||
|  | 		"onepassword-app-token", | ||||||
|  | 		"onepassword-user-credentials", | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	volumeProjected := generateVolumesProjected(volumeProjectedSecretNames) | ||||||
|  |  | ||||||
|  | 	volumes = append(volumes, volumeProjected) | ||||||
|  |  | ||||||
| 	if !AreVolumesUsingSecrets(volumes, secretNamesToSearch) { | 	if !AreVolumesUsingSecrets(volumes, secretNamesToSearch) { | ||||||
| 		t.Errorf("Expected that volumes were using secrets but they were not detected.") | 		t.Errorf("Expected that volumes were using secrets but they were not detected.") | ||||||
| 	} | 	} | ||||||
|   | |||||||
| @@ -19,6 +19,7 @@ import ( | |||||||
| 	"os" | 	"os" | ||||||
| 	"strings" | 	"strings" | ||||||
|  |  | ||||||
|  | 	"github.com/1Password/onepassword-operator/pkg/logs" | ||||||
| 	logf "sigs.k8s.io/controller-runtime/pkg/log" | 	logf "sigs.k8s.io/controller-runtime/pkg/log" | ||||||
| ) | ) | ||||||
|  |  | ||||||
| @@ -54,7 +55,7 @@ func GetOperatorNamespace() (string, error) { | |||||||
| 		return "", err | 		return "", err | ||||||
| 	} | 	} | ||||||
| 	ns := strings.TrimSpace(string(nsBytes)) | 	ns := strings.TrimSpace(string(nsBytes)) | ||||||
| 	log.V(1).Info("Found namespace", "Namespace", ns) | 	log.V(logs.DebugLevel).Info("Found namespace", "Namespace", ns) | ||||||
| 	return ns, nil | 	return ns, nil | ||||||
| } | } | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										21
									
								
								vendor/github.com/1Password/connect-sdk-go/LICENSE
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										21
									
								
								vendor/github.com/1Password/connect-sdk-go/LICENSE
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,21 +0,0 @@ | |||||||
| MIT License |  | ||||||
|  |  | ||||||
| Copyright (c) 2021 1Password |  | ||||||
|  |  | ||||||
| Permission is hereby granted, free of charge, to any person obtaining a copy |  | ||||||
| of this software and associated documentation files (the "Software"), to deal |  | ||||||
| in the Software without restriction, including without limitation the rights |  | ||||||
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |  | ||||||
| copies of the Software, and to permit persons to whom the Software is |  | ||||||
| furnished to do so, subject to the following conditions: |  | ||||||
|  |  | ||||||
| The above copyright notice and this permission notice shall be included in all |  | ||||||
| copies or substantial portions of the Software. |  | ||||||
|  |  | ||||||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |  | ||||||
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |  | ||||||
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |  | ||||||
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |  | ||||||
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |  | ||||||
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |  | ||||||
| SOFTWARE. |  | ||||||
							
								
								
									
										865
									
								
								vendor/github.com/1Password/connect-sdk-go/connect/client.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										865
									
								
								vendor/github.com/1Password/connect-sdk-go/connect/client.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,865 +0,0 @@ | |||||||
| package connect |  | ||||||
|  |  | ||||||
| import ( |  | ||||||
| 	"bytes" |  | ||||||
| 	"encoding/json" |  | ||||||
| 	"fmt" |  | ||||||
| 	"io" |  | ||||||
| 	"io/ioutil" |  | ||||||
| 	"net/http" |  | ||||||
| 	"net/url" |  | ||||||
| 	"os" |  | ||||||
| 	"path/filepath" |  | ||||||
| 	"reflect" |  | ||||||
| 	"regexp" |  | ||||||
|  |  | ||||||
| 	"github.com/opentracing/opentracing-go" |  | ||||||
| 	"github.com/opentracing/opentracing-go/ext" |  | ||||||
| 	jaegerClientConfig "github.com/uber/jaeger-client-go/config" |  | ||||||
| 	"github.com/uber/jaeger-client-go/zipkin" |  | ||||||
|  |  | ||||||
| 	"github.com/1Password/connect-sdk-go/onepassword" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| const ( |  | ||||||
| 	defaultUserAgent = "connect-sdk-go/%s" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| var ( |  | ||||||
| 	vaultUUIDError = fmt.Errorf("malformed vault uuid provided") |  | ||||||
| 	itemUUIDError  = fmt.Errorf("malformed item uuid provided") |  | ||||||
| 	fileUUIDError  = fmt.Errorf("malformed file uuid provided") |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // Client Represents an available 1Password Connect API to connect to |  | ||||||
| type Client interface { |  | ||||||
| 	GetVaults() ([]onepassword.Vault, error) |  | ||||||
| 	GetVault(uuid string) (*onepassword.Vault, error) |  | ||||||
| 	GetVaultByUUID(uuid string) (*onepassword.Vault, error) |  | ||||||
| 	GetVaultByTitle(title string) (*onepassword.Vault, error) |  | ||||||
| 	GetVaultsByTitle(uuid string) ([]onepassword.Vault, error) |  | ||||||
| 	GetItems(vaultQuery string) ([]onepassword.Item, error) |  | ||||||
| 	GetItem(itemQuery, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	GetItemByUUID(uuid string, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	GetItemByTitle(title string, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	GetItemsByTitle(title string, vaultQuery string) ([]onepassword.Item, error) |  | ||||||
| 	CreateItem(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	UpdateItem(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) |  | ||||||
| 	DeleteItem(item *onepassword.Item, vaultQuery string) error |  | ||||||
| 	DeleteItemByID(itemUUID string, vaultQuery string) error |  | ||||||
| 	DeleteItemByTitle(title string, vaultQuery string) error |  | ||||||
| 	GetFiles(itemQuery string, vaultQuery string) ([]onepassword.File, error) |  | ||||||
| 	GetFile(uuid string, itemQuery string, vaultQuery string) (*onepassword.File, error) |  | ||||||
| 	GetFileContent(file *onepassword.File) ([]byte, error) |  | ||||||
| 	DownloadFile(file *onepassword.File, targetDirectory string, overwrite bool) (string, error) |  | ||||||
| 	LoadStructFromItemByUUID(config interface{}, itemUUID string, vaultQuery string) error |  | ||||||
| 	LoadStructFromItemByTitle(config interface{}, itemTitle string, vaultQuery string) error |  | ||||||
| 	LoadStructFromItem(config interface{}, itemQuery string, vaultQuery string) error |  | ||||||
| 	LoadStruct(config interface{}) error |  | ||||||
| } |  | ||||||
|  |  | ||||||
| type httpClient interface { |  | ||||||
| 	Do(req *http.Request) (*http.Response, error) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| const ( |  | ||||||
| 	envHostVariable  = "OP_CONNECT_HOST" |  | ||||||
| 	envTokenVariable = "OP_CONNECT_TOKEN" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // NewClientFromEnvironment Returns a Secret Service client assuming that your |  | ||||||
| // jwt is set in the OP_TOKEN environment variable |  | ||||||
| func NewClientFromEnvironment() (Client, error) { |  | ||||||
| 	host, found := os.LookupEnv(envHostVariable) |  | ||||||
| 	if !found { |  | ||||||
| 		return nil, fmt.Errorf("There is no hostname available in the %q variable", envHostVariable) |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	token, found := os.LookupEnv(envTokenVariable) |  | ||||||
| 	if !found { |  | ||||||
| 		return nil, fmt.Errorf("There is no token available in the %q variable", envTokenVariable) |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return NewClient(host, token), nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // NewClient Returns a Secret Service client for a given url and jwt |  | ||||||
| func NewClient(url string, token string) Client { |  | ||||||
| 	return NewClientWithUserAgent(url, token, fmt.Sprintf(defaultUserAgent, SDKVersion)) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // NewClientWithUserAgent Returns a Secret Service client for a given url and jwt and identifies with userAgent |  | ||||||
| func NewClientWithUserAgent(url string, token string, userAgent string) Client { |  | ||||||
| 	if !opentracing.IsGlobalTracerRegistered() { |  | ||||||
| 		cfg := jaegerClientConfig.Configuration{} |  | ||||||
| 		zipkinPropagator := zipkin.NewZipkinB3HTTPHeaderPropagator() |  | ||||||
| 		cfg.InitGlobalTracer( |  | ||||||
| 			userAgent, |  | ||||||
| 			jaegerClientConfig.Injector(opentracing.HTTPHeaders, zipkinPropagator), |  | ||||||
| 			jaegerClientConfig.Extractor(opentracing.HTTPHeaders, zipkinPropagator), |  | ||||||
| 			jaegerClientConfig.ZipkinSharedRPCSpan(true), |  | ||||||
| 		) |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return &restClient{ |  | ||||||
| 		URL:   url, |  | ||||||
| 		Token: token, |  | ||||||
|  |  | ||||||
| 		userAgent: userAgent, |  | ||||||
| 		tracer:    opentracing.GlobalTracer(), |  | ||||||
|  |  | ||||||
| 		client: http.DefaultClient, |  | ||||||
| 	} |  | ||||||
| } |  | ||||||
|  |  | ||||||
| type restClient struct { |  | ||||||
| 	URL       string |  | ||||||
| 	Token     string |  | ||||||
| 	userAgent string |  | ||||||
| 	tracer    opentracing.Tracer |  | ||||||
| 	client    httpClient |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // GetVaults Get a list of all available vaults |  | ||||||
| func (rs *restClient) GetVaults() ([]onepassword.Vault, error) { |  | ||||||
| 	span := rs.tracer.StartSpan("GetVaults") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	vaultURL := fmt.Sprintf("/v1/vaults") |  | ||||||
| 	request, err := rs.buildRequest(http.MethodGet, vaultURL, http.NoBody, span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	var vaults []onepassword.Vault |  | ||||||
| 	if err := parseResponse(response, http.StatusOK, &vaults); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return vaults, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // GetVault Get a vault based on its name or ID |  | ||||||
| func (rs *restClient) GetVault(vaultQuery string) (*onepassword.Vault, error) { |  | ||||||
| 	span := rs.tracer.StartSpan("GetVault") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	if vaultQuery == "" { |  | ||||||
| 		return nil, fmt.Errorf("Please provide either the vault name or its ID.") |  | ||||||
| 	} |  | ||||||
| 	if !isValidUUID(vaultQuery) { |  | ||||||
| 		return rs.GetVaultByTitle(vaultQuery) |  | ||||||
| 	} |  | ||||||
| 	return rs.GetVaultByUUID(vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (rs *restClient) GetVaultByUUID(uuid string) (*onepassword.Vault, error) { |  | ||||||
| 	if !isValidUUID(uuid) { |  | ||||||
| 		return nil, vaultUUIDError |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	span := rs.tracer.StartSpan("GetVaultByUUID") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	vaultURL := fmt.Sprintf("/v1/vaults/%s", uuid) |  | ||||||
| 	request, err := rs.buildRequest(http.MethodGet, vaultURL, http.NoBody, span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	var vault onepassword.Vault |  | ||||||
| 	if err := parseResponse(response, http.StatusOK, &vault); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return &vault, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (rs *restClient) GetVaultByTitle(vaultName string) (*onepassword.Vault, error) { |  | ||||||
| 	span := rs.tracer.StartSpan("GetVaultByTitle") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	vaults, err := rs.GetVaultsByTitle(vaultName) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	if len(vaults) != 1 { |  | ||||||
| 		return nil, fmt.Errorf("Found %d vaults with title %q", len(vaults), vaultName) |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return &vaults[0], nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (rs *restClient) GetVaultsByTitle(title string) ([]onepassword.Vault, error) { |  | ||||||
| 	span := rs.tracer.StartSpan("GetVaultsByTitle") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	filter := url.QueryEscape(fmt.Sprintf("title eq \"%s\"", title)) |  | ||||||
| 	itemURL := fmt.Sprintf("/v1/vaults?filter=%s", filter) |  | ||||||
| 	request, err := rs.buildRequest(http.MethodGet, itemURL, http.NoBody, span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	var vaults []onepassword.Vault |  | ||||||
| 	if err := parseResponse(response, http.StatusOK, &vaults); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return vaults, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (rs *restClient) getVaultUUID(vaultQuery string) (string, error) { |  | ||||||
| 	if vaultQuery == "" { |  | ||||||
| 		return "", fmt.Errorf("Please provide either the vault name or its ID.") |  | ||||||
| 	} |  | ||||||
| 	if isValidUUID(vaultQuery) { |  | ||||||
| 		return vaultQuery, nil |  | ||||||
| 	} |  | ||||||
| 	vault, err := rs.GetVaultByTitle(vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return "", err |  | ||||||
| 	} |  | ||||||
| 	return vault.ID, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // GetItem Get a specific Item from the 1Password Connect API by either title or UUID |  | ||||||
| func (rs *restClient) GetItem(itemQuery string, vaultQuery string) (*onepassword.Item, error) { |  | ||||||
| 	span := rs.tracer.StartSpan("GetItem") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	if itemQuery == "" { |  | ||||||
| 		return nil, fmt.Errorf("Please provide either the item name or its ID.") |  | ||||||
| 	} |  | ||||||
| 	if !isValidUUID(itemQuery) { |  | ||||||
| 		return rs.GetItemByTitle(itemQuery, vaultQuery) |  | ||||||
| 	} |  | ||||||
| 	return rs.GetItemByUUID(itemQuery, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // GetItemByUUID Get a specific Item from the 1Password Connect API by its UUID |  | ||||||
| func (rs *restClient) GetItemByUUID(uuid string, vaultQuery string) (*onepassword.Item, error) { |  | ||||||
| 	if !isValidUUID(uuid) { |  | ||||||
| 		return nil, itemUUIDError |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	vaultUUID, err := rs.getVaultUUID(vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	span := rs.tracer.StartSpan("GetItemByUUID") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	itemURL := fmt.Sprintf("/v1/vaults/%s/items/%s", vaultUUID, uuid) |  | ||||||
| 	request, err := rs.buildRequest(http.MethodGet, itemURL, http.NoBody, span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	var item onepassword.Item |  | ||||||
| 	if err := parseResponse(response, http.StatusOK, &item); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return &item, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (rs *restClient) GetItemByTitle(title string, vaultQuery string) (*onepassword.Item, error) { |  | ||||||
| 	vaultUUID, err := rs.getVaultUUID(vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	span := rs.tracer.StartSpan("GetItemByTitle") |  | ||||||
| 	defer span.Finish() |  | ||||||
| 	items, err := rs.GetItemsByTitle(title, vaultUUID) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	if len(items) != 1 { |  | ||||||
| 		return nil, fmt.Errorf("Found %d item(s) in vault %q with title %q", len(items), vaultUUID, title) |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return &items[0], nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (rs *restClient) GetItemsByTitle(title string, vaultQuery string) ([]onepassword.Item, error) { |  | ||||||
| 	vaultUUID, err := rs.getVaultUUID(vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	span := rs.tracer.StartSpan("GetItemsByTitle") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	filter := url.QueryEscape(fmt.Sprintf("title eq \"%s\"", title)) |  | ||||||
| 	itemURL := fmt.Sprintf("/v1/vaults/%s/items?filter=%s", vaultUUID, filter) |  | ||||||
| 	request, err := rs.buildRequest(http.MethodGet, itemURL, http.NoBody, span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	var itemSummaries []onepassword.Item |  | ||||||
| 	if err := parseResponse(response, http.StatusOK, &itemSummaries); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	items := make([]onepassword.Item, len(itemSummaries)) |  | ||||||
| 	for i, itemSummary := range itemSummaries { |  | ||||||
| 		tempItem, err := rs.GetItem(itemSummary.ID, itemSummary.Vault.ID) |  | ||||||
| 		if err != nil { |  | ||||||
| 			return nil, err |  | ||||||
| 		} |  | ||||||
| 		items[i] = *tempItem |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return items, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (rs *restClient) GetItems(vaultQuery string) ([]onepassword.Item, error) { |  | ||||||
| 	vaultUUID, err := rs.getVaultUUID(vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	span := rs.tracer.StartSpan("GetItems") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	itemURL := fmt.Sprintf("/v1/vaults/%s/items", vaultUUID) |  | ||||||
| 	request, err := rs.buildRequest(http.MethodGet, itemURL, http.NoBody, span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	var items []onepassword.Item |  | ||||||
| 	if err := parseResponse(response, http.StatusOK, &items); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return items, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (rs *restClient) getItemUUID(itemQuery, vaultQuery string) (string, error) { |  | ||||||
| 	if itemQuery == "" { |  | ||||||
| 		return "", fmt.Errorf("Please provide either the item name or its ID.") |  | ||||||
| 	} |  | ||||||
| 	if isValidUUID(itemQuery) { |  | ||||||
| 		return itemQuery, nil |  | ||||||
| 	} |  | ||||||
| 	item, err := rs.GetItemByTitle(itemQuery, vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return "", err |  | ||||||
| 	} |  | ||||||
| 	return item.ID, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // CreateItem Create a new item in a specified vault |  | ||||||
| func (rs *restClient) CreateItem(item *onepassword.Item, vaultQuery string) (*onepassword.Item, error) { |  | ||||||
| 	vaultUUID, err := rs.getVaultUUID(vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	span := rs.tracer.StartSpan("CreateItem") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	itemURL := fmt.Sprintf("/v1/vaults/%s/items", vaultUUID) |  | ||||||
| 	itemBody, err := json.Marshal(item) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	request, err := rs.buildRequest(http.MethodPost, itemURL, bytes.NewBuffer(itemBody), span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	var newItem onepassword.Item |  | ||||||
| 	if err := parseResponse(response, http.StatusOK, &newItem); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return &newItem, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // UpdateItem Update a new item in a specified vault |  | ||||||
| func (rs *restClient) UpdateItem(item *onepassword.Item, vaultUUID string) (*onepassword.Item, error) { |  | ||||||
| 	span := rs.tracer.StartSpan("UpdateItem") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	itemURL := fmt.Sprintf("/v1/vaults/%s/items/%s", item.Vault.ID, item.ID) |  | ||||||
| 	itemBody, err := json.Marshal(item) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	request, err := rs.buildRequest(http.MethodPut, itemURL, bytes.NewBuffer(itemBody), span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	var newItem onepassword.Item |  | ||||||
| 	if err := parseResponse(response, http.StatusOK, &newItem); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return &newItem, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // DeleteItem Delete a new item in a specified vault |  | ||||||
| func (rs *restClient) DeleteItem(item *onepassword.Item, vaultUUID string) error { |  | ||||||
| 	span := rs.tracer.StartSpan("DeleteItem") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	itemURL := fmt.Sprintf("/v1/vaults/%s/items/%s", item.Vault.ID, item.ID) |  | ||||||
| 	request, err := rs.buildRequest(http.MethodDelete, itemURL, http.NoBody, span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	if err := parseResponse(response, http.StatusNoContent, nil); err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // DeleteItemByID Delete a new item in a specified vault, specifying the item's uuid |  | ||||||
| func (rs *restClient) DeleteItemByID(itemUUID string, vaultQuery string) error { |  | ||||||
| 	if !isValidUUID(itemUUID) { |  | ||||||
| 		return itemUUIDError |  | ||||||
| 	} |  | ||||||
| 	vaultUUID, err := rs.getVaultUUID(vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	span := rs.tracer.StartSpan("DeleteItemByID") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	itemURL := fmt.Sprintf("/v1/vaults/%s/items/%s", vaultUUID, itemUUID) |  | ||||||
| 	request, err := rs.buildRequest(http.MethodDelete, itemURL, http.NoBody, span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	if err := parseResponse(response, http.StatusNoContent, nil); err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // DeleteItemByTitle Delete a new item in a specified vault, specifying the item's title |  | ||||||
| func (rs *restClient) DeleteItemByTitle(title string, vaultQuery string) error { |  | ||||||
| 	span := rs.tracer.StartSpan("DeleteItemByTitle") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	item, err := rs.GetItemByTitle(title, vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return rs.DeleteItem(item, item.Vault.ID) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (rs *restClient) GetFiles(itemQuery string, vaultQuery string) ([]onepassword.File, error) { |  | ||||||
| 	vaultUUID, err := rs.getVaultUUID(vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	itemUUID, err := rs.getItemUUID(itemQuery, vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	span := rs.tracer.StartSpan("GetFiles") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	jsonURL := fmt.Sprintf("/v1/vaults/%s/items/%s/files", vaultUUID, itemUUID) |  | ||||||
| 	request, err := rs.buildRequest(http.MethodGet, jsonURL, http.NoBody, span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	if err := expectMinimumConnectVersion(response, version{1, 3, 0}); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	var files []onepassword.File |  | ||||||
| 	if err := parseResponse(response, http.StatusOK, &files); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return files, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // GetFile Get a specific File in a specified item. |  | ||||||
| // This does not include the file contents. Call GetFileContent() to load the file's content. |  | ||||||
| func (rs *restClient) GetFile(uuid string, itemQuery string, vaultQuery string) (*onepassword.File, error) { |  | ||||||
| 	if !isValidUUID(uuid) { |  | ||||||
| 		return nil, fileUUIDError |  | ||||||
| 	} |  | ||||||
| 	vaultUUID, err := rs.getVaultUUID(vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	itemUUID, err := rs.getItemUUID(itemQuery, vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	span := rs.tracer.StartSpan("GetFile") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	itemURL := fmt.Sprintf("/v1/vaults/%s/items/%s/files/%s", vaultUUID, itemUUID, uuid) |  | ||||||
| 	request, err := rs.buildRequest(http.MethodGet, itemURL, http.NoBody, span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	if err := expectMinimumConnectVersion(response, version{1, 3, 0}); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	var file onepassword.File |  | ||||||
| 	if err := parseResponse(response, http.StatusOK, &file); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return &file, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // GetFileContent retrieves the file's content. |  | ||||||
| // If the file's content have previously been fetched, those contents are returned without making another request. |  | ||||||
| func (rs *restClient) GetFileContent(file *onepassword.File) ([]byte, error) { |  | ||||||
| 	if content, err := file.Content(); err == nil { |  | ||||||
| 		return content, nil |  | ||||||
| 	} |  | ||||||
| 	response, err := rs.retrieveDocumentContent(file) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	content, err := readResponseBody(response, http.StatusOK) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	file.SetContent(content) |  | ||||||
| 	return content, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (rs *restClient) DownloadFile(file *onepassword.File, targetDirectory string, overwriteIfExists bool) (string, error) { |  | ||||||
| 	response, err := rs.retrieveDocumentContent(file) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return "", err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	path := filepath.Join(targetDirectory, filepath.Base(file.Name)) |  | ||||||
|  |  | ||||||
| 	var osFile *os.File |  | ||||||
|  |  | ||||||
| 	if overwriteIfExists { |  | ||||||
| 		osFile, err = createFile(path) |  | ||||||
| 		if err != nil { |  | ||||||
| 			return "", err |  | ||||||
| 		} |  | ||||||
| 	} else { |  | ||||||
| 		_, err = os.Stat(path) |  | ||||||
| 		if os.IsNotExist(err) { |  | ||||||
| 			osFile, err = createFile(path) |  | ||||||
| 			if err != nil { |  | ||||||
| 				return "", err |  | ||||||
| 			} |  | ||||||
| 		} else { |  | ||||||
| 			return "", fmt.Errorf("a file already exists under the %s path. In order to overwrite it, set `overwriteIfExists` to true", path) |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
| 	defer osFile.Close() |  | ||||||
| 	if _, err = io.Copy(osFile, response.Body); err != nil { |  | ||||||
| 		return "", err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return path, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (rs *restClient) retrieveDocumentContent(file *onepassword.File) (*http.Response, error) { |  | ||||||
| 	span := rs.tracer.StartSpan("GetFileContent") |  | ||||||
| 	defer span.Finish() |  | ||||||
|  |  | ||||||
| 	request, err := rs.buildRequest(http.MethodGet, file.ContentPath, http.NoBody, span) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	response, err := rs.client.Do(request) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	if err := expectMinimumConnectVersion(response, version{1, 3, 0}); err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	return response, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func createFile(path string) (*os.File, error) { |  | ||||||
| 	osFile, err := os.Create(path) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	err = os.Chmod(path, 0600) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	return osFile, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (rs *restClient) buildRequest(method string, path string, body io.Reader, span opentracing.Span) (*http.Request, error) { |  | ||||||
| 	url := fmt.Sprintf("%s%s", rs.URL, path) |  | ||||||
|  |  | ||||||
| 	request, err := http.NewRequest(method, url, body) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	request.Header.Set("Content-Type", "application/json") |  | ||||||
| 	request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", rs.Token)) |  | ||||||
| 	request.Header.Set("User-Agent", rs.userAgent) |  | ||||||
|  |  | ||||||
| 	ext.SpanKindRPCClient.Set(span) |  | ||||||
| 	ext.HTTPUrl.Set(span, path) |  | ||||||
| 	ext.HTTPMethod.Set(span, method) |  | ||||||
|  |  | ||||||
| 	rs.tracer.Inject(span.Context(), opentracing.HTTPHeaders, opentracing.HTTPHeadersCarrier(request.Header)) |  | ||||||
|  |  | ||||||
| 	return request, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func loadToStruct(item *parsedItem, config reflect.Value) error { |  | ||||||
| 	t := config.Type() |  | ||||||
| 	for i := 0; i < t.NumField(); i++ { |  | ||||||
| 		value := config.Field(i) |  | ||||||
| 		field := t.Field(i) |  | ||||||
|  |  | ||||||
| 		if !value.CanSet() { |  | ||||||
| 			return fmt.Errorf("cannot load config into private fields") |  | ||||||
| 		} |  | ||||||
|  |  | ||||||
| 		item.fields = append(item.fields, &field) |  | ||||||
| 		item.values = append(item.values, &value) |  | ||||||
| 	} |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // LoadStructFromItem Load configuration values based on struct tag from one 1P item. |  | ||||||
| // It accepts as parameters item title/UUID and vault title/UUID. |  | ||||||
| func (rs *restClient) LoadStructFromItem(i interface{}, itemQuery string, vaultQuery string) error { |  | ||||||
| 	if itemQuery == "" { |  | ||||||
| 		return fmt.Errorf("Please provide either the item name or its ID.") |  | ||||||
| 	} |  | ||||||
| 	if isValidUUID(itemQuery) { |  | ||||||
| 		return rs.LoadStructFromItemByUUID(i, itemQuery, vaultQuery) |  | ||||||
| 	} |  | ||||||
| 	return rs.LoadStructFromItemByTitle(i, itemQuery, vaultQuery) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // LoadStructFromItemByUUID Load configuration values based on struct tag from one 1P item. |  | ||||||
| func (rs *restClient) LoadStructFromItemByUUID(i interface{}, itemUUID string, vaultQuery string) error { |  | ||||||
| 	vaultUUID, err := rs.getVaultUUID(vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
| 	if !isValidUUID(itemUUID) { |  | ||||||
| 		return itemUUIDError |  | ||||||
| 	} |  | ||||||
| 	config, err := checkStruct(i) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
| 	item := parsedItem{} |  | ||||||
| 	item.itemUUID = itemUUID |  | ||||||
| 	item.vaultUUID = vaultUUID |  | ||||||
|  |  | ||||||
| 	if err := loadToStruct(&item, config); err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
| 	if err := setValuesForTag(rs, &item, false); err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // LoadStructFromItemByTitle Load configuration values based on struct tag from one 1P item |  | ||||||
| func (rs *restClient) LoadStructFromItemByTitle(i interface{}, itemTitle string, vaultQuery string) error { |  | ||||||
| 	vaultUUID, err := rs.getVaultUUID(vaultQuery) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	config, err := checkStruct(i) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
| 	item := parsedItem{} |  | ||||||
| 	item.itemTitle = itemTitle |  | ||||||
| 	item.vaultUUID = vaultUUID |  | ||||||
|  |  | ||||||
| 	if err := loadToStruct(&item, config); err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
| 	if err := setValuesForTag(rs, &item, true); err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // LoadStruct Load configuration values based on struct tag |  | ||||||
| func (rs *restClient) LoadStruct(i interface{}) error { |  | ||||||
| 	config, err := checkStruct(i) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	t := config.Type() |  | ||||||
|  |  | ||||||
| 	// Multiple fields may be from a single item so we will collect them |  | ||||||
| 	items := map[string]parsedItem{} |  | ||||||
|  |  | ||||||
| 	// Fetch the Vault from the environment |  | ||||||
| 	vaultUUID, envVarFound := os.LookupEnv(envVaultVar) |  | ||||||
|  |  | ||||||
| 	for i := 0; i < t.NumField(); i++ { |  | ||||||
| 		value := config.Field(i) |  | ||||||
| 		field := t.Field(i) |  | ||||||
| 		tag := field.Tag.Get(itemTag) |  | ||||||
|  |  | ||||||
| 		if tag == "" { |  | ||||||
| 			continue |  | ||||||
| 		} |  | ||||||
|  |  | ||||||
| 		if !value.CanSet() { |  | ||||||
| 			return fmt.Errorf("Cannot load config into private fields") |  | ||||||
| 		} |  | ||||||
|  |  | ||||||
| 		itemVault, err := vaultUUIDForField(&field, vaultUUID, envVarFound) |  | ||||||
| 		if err != nil { |  | ||||||
| 			return err |  | ||||||
| 		} |  | ||||||
| 		if !isValidUUID(itemVault) { |  | ||||||
| 			return vaultUUIDError |  | ||||||
| 		} |  | ||||||
|  |  | ||||||
| 		key := fmt.Sprintf("%s/%s", itemVault, tag) |  | ||||||
| 		parsed := items[key] |  | ||||||
| 		parsed.vaultUUID = itemVault |  | ||||||
| 		parsed.itemTitle = tag |  | ||||||
| 		parsed.fields = append(parsed.fields, &field) |  | ||||||
| 		parsed.values = append(parsed.values, &value) |  | ||||||
| 		items[key] = parsed |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	for _, item := range items { |  | ||||||
| 		if err := setValuesForTag(rs, &item, true); err != nil { |  | ||||||
| 			return err |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func parseResponse(resp *http.Response, expectedStatusCode int, result interface{}) error { |  | ||||||
| 	body, err := readResponseBody(resp, expectedStatusCode) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
| 	if result != nil { |  | ||||||
| 		if err := json.Unmarshal(body, result); err != nil { |  | ||||||
| 			return fmt.Errorf("decoding response: %s", err) |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func readResponseBody(resp *http.Response, expectedStatusCode int) ([]byte, error) { |  | ||||||
| 	defer resp.Body.Close() |  | ||||||
| 	body, err := ioutil.ReadAll(resp.Body) |  | ||||||
| 	if err != nil { |  | ||||||
| 		return nil, err |  | ||||||
| 	} |  | ||||||
| 	if resp.StatusCode != expectedStatusCode { |  | ||||||
| 		var errResp onepassword.Error |  | ||||||
| 		if json.Valid(body) { |  | ||||||
| 			if err := json.Unmarshal(body, &errResp); err != nil { |  | ||||||
| 				return nil, fmt.Errorf("decoding error response: %s", err) |  | ||||||
| 			} |  | ||||||
| 		} else { |  | ||||||
| 			errResp.StatusCode = resp.StatusCode |  | ||||||
| 			errResp.Message = http.StatusText(resp.StatusCode) |  | ||||||
| 		} |  | ||||||
| 		return nil, &errResp |  | ||||||
| 	} |  | ||||||
| 	return body, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func isValidUUID(u string) bool { |  | ||||||
| 	r := regexp.MustCompile("^[a-z0-9]{26}$") |  | ||||||
| 	return r.MatchString(u) |  | ||||||
| } |  | ||||||
							
								
								
									
										209
									
								
								vendor/github.com/1Password/connect-sdk-go/connect/config_helper.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										209
									
								
								vendor/github.com/1Password/connect-sdk-go/connect/config_helper.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,209 +0,0 @@ | |||||||
| package connect |  | ||||||
|  |  | ||||||
| import ( |  | ||||||
| 	"fmt" |  | ||||||
| 	"reflect" |  | ||||||
| 	"strconv" |  | ||||||
| 	"strings" |  | ||||||
|  |  | ||||||
| 	"github.com/1Password/connect-sdk-go/onepassword" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| const ( |  | ||||||
| 	vaultTag   = "opvault" |  | ||||||
| 	itemTag    = "opitem" |  | ||||||
| 	sectionTag = "opsection" |  | ||||||
| 	fieldTag   = "opfield" |  | ||||||
| 	urlTag     = "opurl" |  | ||||||
|  |  | ||||||
| 	envVaultVar = "OP_VAULT" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| type parsedItem struct { |  | ||||||
| 	vaultUUID string |  | ||||||
| 	itemUUID  string |  | ||||||
| 	itemTitle string |  | ||||||
| 	fields    []*reflect.StructField |  | ||||||
| 	values    []*reflect.Value |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func checkStruct(i interface{}) (reflect.Value, error) { |  | ||||||
| 	configP := reflect.ValueOf(i) |  | ||||||
| 	if configP.Kind() != reflect.Ptr { |  | ||||||
| 		return reflect.Value{}, fmt.Errorf("you must pass a pointer to Config struct") |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	config := configP.Elem() |  | ||||||
| 	if config.Kind() != reflect.Struct { |  | ||||||
| 		return reflect.Value{}, fmt.Errorf("config values can only be loaded into a struct") |  | ||||||
| 	} |  | ||||||
| 	return config, nil |  | ||||||
|  |  | ||||||
| } |  | ||||||
| func vaultUUIDForField(field *reflect.StructField, vaultUUID string, envVaultFound bool) (string, error) { |  | ||||||
| 	// Check to see if a specific vault has been specified on the field |  | ||||||
| 	// If the env vault id has not been found and item doesn't have a vault |  | ||||||
| 	// return an error |  | ||||||
| 	if vaultUUIDTag := field.Tag.Get(vaultTag); vaultUUIDTag == "" { |  | ||||||
| 		if !envVaultFound { |  | ||||||
| 			return "", fmt.Errorf("There is no vault for %q field", field.Name) |  | ||||||
| 		} |  | ||||||
| 	} else { |  | ||||||
| 		return vaultUUIDTag, nil |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return vaultUUID, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func setValuesForTag(client Client, parsedItem *parsedItem, byTitle bool) error { |  | ||||||
| 	var item *onepassword.Item |  | ||||||
| 	var err error |  | ||||||
| 	if byTitle { |  | ||||||
| 		item, err = client.GetItemByTitle(parsedItem.itemTitle, parsedItem.vaultUUID) |  | ||||||
| 	} else { |  | ||||||
| 		item, err = client.GetItem(parsedItem.itemUUID, parsedItem.vaultUUID) |  | ||||||
| 	} |  | ||||||
| 	if err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	for i, field := range parsedItem.fields { |  | ||||||
| 		value := parsedItem.values[i] |  | ||||||
|  |  | ||||||
| 		if field.Type == reflect.TypeOf(onepassword.ItemURL{}) { |  | ||||||
| 			url := &onepassword.ItemURL{ |  | ||||||
| 				Primary: urlPrimaryForName(field.Tag.Get(urlTag), item.URLs), |  | ||||||
| 				Label:   urlLabelForName(field.Tag.Get(urlTag), item.URLs), |  | ||||||
| 				URL:     urlURLForName(field.Tag.Get(urlTag), item.URLs), |  | ||||||
| 			} |  | ||||||
| 			value.Set(reflect.ValueOf(*url)) |  | ||||||
| 			continue |  | ||||||
| 		} |  | ||||||
|  |  | ||||||
| 		path := fmt.Sprintf("%s.%s", field.Tag.Get(sectionTag), field.Tag.Get(fieldTag)) |  | ||||||
| 		if path == "." { |  | ||||||
| 			if field.Type == reflect.TypeOf(onepassword.Item{}) { |  | ||||||
| 				value.Set(reflect.ValueOf(*item)) |  | ||||||
| 				continue |  | ||||||
| 			} |  | ||||||
| 			return fmt.Errorf("There is no %q specified for %q", fieldTag, field.Name) |  | ||||||
| 		} |  | ||||||
|  |  | ||||||
| 		if strings.HasSuffix(path, ".") { |  | ||||||
| 			if field.Type == reflect.TypeOf(onepassword.ItemSection{}) { |  | ||||||
| 				section := &onepassword.ItemSection{ |  | ||||||
| 					ID:    sectionIDForName(field.Tag.Get(sectionTag), item.Sections), |  | ||||||
| 					Label: sectionLabelForName(field.Tag.Get(sectionTag), item.Sections), |  | ||||||
| 				} |  | ||||||
| 				value.Set(reflect.ValueOf(*section)) |  | ||||||
| 				continue |  | ||||||
| 			} |  | ||||||
| 		} |  | ||||||
|  |  | ||||||
| 		sectionID := sectionIDForName(field.Tag.Get(sectionTag), item.Sections) |  | ||||||
|  |  | ||||||
| 		for _, f := range item.Fields { |  | ||||||
| 			fieldSectionID := "" |  | ||||||
| 			if f.Section != nil { |  | ||||||
| 				fieldSectionID = f.Section.ID |  | ||||||
| 			} |  | ||||||
|  |  | ||||||
| 			if fieldSectionID == sectionID && f.Label == field.Tag.Get(fieldTag) { |  | ||||||
| 				if err := setValue(value, f.Value); err != nil { |  | ||||||
| 					return err |  | ||||||
| 				} |  | ||||||
| 				break |  | ||||||
| 			} |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func setValue(value *reflect.Value, toSet string) error { |  | ||||||
| 	switch value.Kind() { |  | ||||||
| 	case reflect.String: |  | ||||||
| 		value.SetString(toSet) |  | ||||||
| 	case reflect.Int: |  | ||||||
| 		v, err := strconv.Atoi(toSet) |  | ||||||
| 		if err != nil { |  | ||||||
| 			return err |  | ||||||
| 		} |  | ||||||
| 		value.SetInt(int64(v)) |  | ||||||
| 	default: |  | ||||||
| 		return fmt.Errorf("Unsupported type %q. Only string, int64, and onepassword.Item are supported", value.Kind()) |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func sectionIDForName(name string, sections []*onepassword.ItemSection) string { |  | ||||||
| 	if sections == nil { |  | ||||||
| 		return "" |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	for _, s := range sections { |  | ||||||
| 		if name == strings.ToLower(s.Label) { |  | ||||||
| 			return s.ID |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return "" |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func sectionLabelForName(name string, sections []*onepassword.ItemSection) string { |  | ||||||
| 	if sections == nil { |  | ||||||
| 		return "" |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	for _, s := range sections { |  | ||||||
| 		if name == strings.ToLower(s.Label) { |  | ||||||
| 			return s.Label |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return "" |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func urlPrimaryForName(name string, itemURLs []onepassword.ItemURL) bool { |  | ||||||
| 	if itemURLs == nil { |  | ||||||
| 		return false |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	for _, url := range itemURLs { |  | ||||||
| 		if url.Label == strings.ToLower(name) { |  | ||||||
| 			return url.Primary |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return false |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func urlLabelForName(name string, itemURLs []onepassword.ItemURL) string { |  | ||||||
| 	if itemURLs == nil { |  | ||||||
| 		return "" |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	for _, url := range itemURLs { |  | ||||||
| 		if url.Label == strings.ToLower(name) { |  | ||||||
| 			return url.Label |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return "" |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func urlURLForName(name string, itemURLs []onepassword.ItemURL) string { |  | ||||||
| 	if itemURLs == nil { |  | ||||||
| 		return "" |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	for _, url := range itemURLs { |  | ||||||
| 		if url.Label == strings.ToLower(name) { |  | ||||||
| 			return url.URL |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return "" |  | ||||||
|  |  | ||||||
| } |  | ||||||
							
								
								
									
										104
									
								
								vendor/github.com/1Password/connect-sdk-go/connect/version.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										104
									
								
								vendor/github.com/1Password/connect-sdk-go/connect/version.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,104 +0,0 @@ | |||||||
| package connect |  | ||||||
|  |  | ||||||
| import ( |  | ||||||
| 	"errors" |  | ||||||
| 	"fmt" |  | ||||||
| 	"net/http" |  | ||||||
| 	"strconv" |  | ||||||
| 	"strings" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // SDKVersion is the latest Semantic Version of the library |  | ||||||
| // Do not rename this variable without changing the regex in the Makefile |  | ||||||
| const SDKVersion = "1.5.1" |  | ||||||
|  |  | ||||||
| const VersionHeaderKey = "1Password-Connect-Version" |  | ||||||
|  |  | ||||||
| // expectMinimumConnectVersion returns an error if the provided minimum version for Connect is lower than the version |  | ||||||
| // reported in the response from Connect. |  | ||||||
| func expectMinimumConnectVersion(resp *http.Response, minimumVersion version) error { |  | ||||||
| 	serverVersion, err := getServerVersion(resp) |  | ||||||
| 	if err != nil { |  | ||||||
| 		// Return gracefully if server version cannot be determined reliably |  | ||||||
| 		return nil |  | ||||||
| 	} |  | ||||||
| 	if !serverVersion.IsGreaterOrEqualThan(minimumVersion) { |  | ||||||
| 		return fmt.Errorf("need at least version %s of Connect for this function, detected version %s. Please update your Connect server", minimumVersion, serverVersion) |  | ||||||
| 	} |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func getServerVersion(resp *http.Response) (serverVersion, error) { |  | ||||||
| 	versionHeader := resp.Header.Get(VersionHeaderKey) |  | ||||||
| 	if versionHeader == "" { |  | ||||||
| 		// The last version without the version header was v1.2.0 |  | ||||||
| 		return serverVersion{ |  | ||||||
| 			version:   version{1, 2, 0}, |  | ||||||
| 			orEarlier: true, |  | ||||||
| 		}, nil |  | ||||||
| 	} |  | ||||||
| 	return parseServerVersion(versionHeader) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| type version struct { |  | ||||||
| 	major int |  | ||||||
| 	minor int |  | ||||||
| 	patch int |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // serverVersion describes the version reported by the server. |  | ||||||
| type serverVersion struct { |  | ||||||
| 	version |  | ||||||
| 	// orEarlier is true if the version is derived from the lack of a version header from the server. |  | ||||||
| 	orEarlier bool |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (v version) String() string { |  | ||||||
| 	return fmt.Sprintf("%d.%d.%d", v.major, v.minor, v.patch) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (v serverVersion) String() string { |  | ||||||
| 	if v.orEarlier { |  | ||||||
| 		return v.version.String() + " (or earlier)" |  | ||||||
| 	} |  | ||||||
| 	return v.version.String() |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // IsGreaterOrEqualThan returns true if the lefthand-side version is equal to or or a higher version than the provided |  | ||||||
| // minimum according to the semantic versioning rules. |  | ||||||
| func (v version) IsGreaterOrEqualThan(min version) bool { |  | ||||||
| 	if v.major != min.major { |  | ||||||
| 		// Different major version |  | ||||||
| 		return v.major > min.major |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	if v.minor != min.minor { |  | ||||||
| 		// Same major, but different minor version |  | ||||||
| 		return v.minor > min.minor |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	// Same major and minor version |  | ||||||
| 	return v.patch >= min.patch |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func parseServerVersion(v string) (serverVersion, error) { |  | ||||||
| 	spl := strings.Split(v, ".") |  | ||||||
| 	if len(spl) != 3 { |  | ||||||
| 		return serverVersion{}, errors.New("wrong length") |  | ||||||
| 	} |  | ||||||
| 	var res [3]int |  | ||||||
| 	for i := range res { |  | ||||||
| 		tmp, err := strconv.Atoi(spl[i]) |  | ||||||
| 		if err != nil { |  | ||||||
| 			return serverVersion{}, err |  | ||||||
| 		} |  | ||||||
| 		res[i] = tmp |  | ||||||
| 	} |  | ||||||
| 	return serverVersion{ |  | ||||||
| 		version: version{ |  | ||||||
| 			major: res[0], |  | ||||||
| 			minor: res[1], |  | ||||||
| 			patch: res[2], |  | ||||||
| 		}, |  | ||||||
| 	}, nil |  | ||||||
| } |  | ||||||
							
								
								
									
										21
									
								
								vendor/github.com/1Password/connect-sdk-go/onepassword/errors.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										21
									
								
								vendor/github.com/1Password/connect-sdk-go/onepassword/errors.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,21 +0,0 @@ | |||||||
| package onepassword |  | ||||||
|  |  | ||||||
| import "fmt" |  | ||||||
|  |  | ||||||
| // Error is an error returned by the Connect API. |  | ||||||
| type Error struct { |  | ||||||
| 	StatusCode int    `json:"status"` |  | ||||||
| 	Message    string `json:"message"` |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (e *Error) Error() string { |  | ||||||
| 	return fmt.Sprintf("status %d: %s", e.StatusCode, e.Message) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (e *Error) Is(target error) bool { |  | ||||||
| 	t, ok := target.(*Error) |  | ||||||
| 	if !ok { |  | ||||||
| 		return false |  | ||||||
| 	} |  | ||||||
| 	return t.Message == e.Message && t.StatusCode == e.StatusCode |  | ||||||
| } |  | ||||||
							
								
								
									
										49
									
								
								vendor/github.com/1Password/connect-sdk-go/onepassword/files.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										49
									
								
								vendor/github.com/1Password/connect-sdk-go/onepassword/files.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,49 +0,0 @@ | |||||||
| package onepassword |  | ||||||
|  |  | ||||||
| import ( |  | ||||||
| 	"encoding/json" |  | ||||||
| 	"errors" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| type File struct { |  | ||||||
| 	ID          string       `json:"id"` |  | ||||||
| 	Name        string       `json:"name"` |  | ||||||
| 	Section     *ItemSection `json:"section,omitempty"` |  | ||||||
| 	Size        int          `json:"size"` |  | ||||||
| 	ContentPath string       `json:"content_path"` |  | ||||||
| 	content     []byte |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (f *File) UnmarshalJSON(data []byte) error { |  | ||||||
| 	var jsonFile struct { |  | ||||||
| 		ID          string       `json:"id"` |  | ||||||
| 		Name        string       `json:"name"` |  | ||||||
| 		Section     *ItemSection `json:"section,omitempty"` |  | ||||||
| 		Size        int          `json:"size"` |  | ||||||
| 		ContentPath string       `json:"content_path"` |  | ||||||
| 		Content     []byte       `json:"content,omitempty"` |  | ||||||
| 	} |  | ||||||
| 	if err := json.Unmarshal(data, &jsonFile); err != nil { |  | ||||||
| 		return err |  | ||||||
| 	} |  | ||||||
| 	f.ID = jsonFile.ID |  | ||||||
| 	f.Name = jsonFile.Name |  | ||||||
| 	f.Section = jsonFile.Section |  | ||||||
| 	f.Size = jsonFile.Size |  | ||||||
| 	f.ContentPath = jsonFile.ContentPath |  | ||||||
| 	f.content = jsonFile.Content |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Content returns the content of the file if they have been loaded and returns an error if they have not been loaded. |  | ||||||
| // Use `client.GetFileContent(file *File)` instead to make sure the content is fetched automatically if not present. |  | ||||||
| func (f *File) Content() ([]byte, error) { |  | ||||||
| 	if f.content == nil { |  | ||||||
| 		return nil, errors.New("file content not loaded") |  | ||||||
| 	} |  | ||||||
| 	return f.content, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (f *File) SetContent(content []byte) { |  | ||||||
| 	f.content = content |  | ||||||
| } |  | ||||||
							
								
								
									
										193
									
								
								vendor/github.com/1Password/connect-sdk-go/onepassword/items.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										193
									
								
								vendor/github.com/1Password/connect-sdk-go/onepassword/items.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,193 +0,0 @@ | |||||||
| package onepassword |  | ||||||
|  |  | ||||||
| import ( |  | ||||||
| 	"encoding/json" |  | ||||||
| 	"strings" |  | ||||||
| 	"time" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // ItemCategory Represents the template of the Item |  | ||||||
| type ItemCategory string |  | ||||||
|  |  | ||||||
| type ItemFieldPurpose string |  | ||||||
|  |  | ||||||
| type ItemFieldType string |  | ||||||
|  |  | ||||||
| const ( |  | ||||||
| 	Login                ItemCategory = "LOGIN" |  | ||||||
| 	Password             ItemCategory = "PASSWORD" |  | ||||||
| 	ApiCredential        ItemCategory = "API_CREDENTIAL" |  | ||||||
| 	Server               ItemCategory = "SERVER" |  | ||||||
| 	Database             ItemCategory = "DATABASE" |  | ||||||
| 	CreditCard           ItemCategory = "CREDIT_CARD" |  | ||||||
| 	Membership           ItemCategory = "MEMBERSHIP" |  | ||||||
| 	Passport             ItemCategory = "PASSPORT" |  | ||||||
| 	SoftwareLicense      ItemCategory = "SOFTWARE_LICENSE" |  | ||||||
| 	OutdoorLicense       ItemCategory = "OUTDOOR_LICENSE" |  | ||||||
| 	SecureNote           ItemCategory = "SECURE_NOTE" |  | ||||||
| 	WirelessRouter       ItemCategory = "WIRELESS_ROUTER" |  | ||||||
| 	BankAccount          ItemCategory = "BANK_ACCOUNT" |  | ||||||
| 	DriverLicense        ItemCategory = "DRIVER_LICENSE" |  | ||||||
| 	Identity             ItemCategory = "IDENTITY" |  | ||||||
| 	RewardProgram        ItemCategory = "REWARD_PROGRAM" |  | ||||||
| 	Document             ItemCategory = "DOCUMENT" |  | ||||||
| 	EmailAccount         ItemCategory = "EMAIL_ACCOUNT" |  | ||||||
| 	SocialSecurityNumber ItemCategory = "SOCIAL_SECURITY_NUMBER" |  | ||||||
| 	MedicalRecord        ItemCategory = "MEDICAL_RECORD" |  | ||||||
| 	SSHKey               ItemCategory = "SSH_KEY" |  | ||||||
| 	Custom               ItemCategory = "CUSTOM" |  | ||||||
|  |  | ||||||
| 	FieldPurposeUsername ItemFieldPurpose = "USERNAME" |  | ||||||
| 	FieldPurposePassword ItemFieldPurpose = "PASSWORD" |  | ||||||
| 	FieldPurposeNotes    ItemFieldPurpose = "NOTES" |  | ||||||
|  |  | ||||||
| 	FieldTypeAddress          ItemFieldType = "ADDRESS" |  | ||||||
| 	FieldTypeConcealed        ItemFieldType = "CONCEALED" |  | ||||||
| 	FieldTypeCreditCardNumber ItemFieldType = "CREDIT_CARD_NUMBER" |  | ||||||
| 	FieldTypeCreditCardType   ItemFieldType = "CREDIT_CARD_TYPE" |  | ||||||
| 	FieldTypeDate             ItemFieldType = "DATE" |  | ||||||
| 	FieldTypeEmail            ItemFieldType = "EMAIL" |  | ||||||
| 	FieldTypeGender           ItemFieldType = "GENDER" |  | ||||||
| 	FieldTypeMenu             ItemFieldType = "MENU" |  | ||||||
| 	FieldTypeMonthYear        ItemFieldType = "MONTH_YEAR" |  | ||||||
| 	FieldTypeOTP              ItemFieldType = "OTP" |  | ||||||
| 	FieldTypePhone            ItemFieldType = "PHONE" |  | ||||||
| 	FieldTypeReference        ItemFieldType = "REFERENCE" |  | ||||||
| 	FieldTypeString           ItemFieldType = "STRING" |  | ||||||
| 	FieldTypeURL              ItemFieldType = "URL" |  | ||||||
| 	FieldTypeFile             ItemFieldType = "FILE" |  | ||||||
| 	FieldTypeSSHKey           ItemFieldType = "SSH_KEY" |  | ||||||
| 	FieldTypeUnknown          ItemFieldType = "UNKNOWN" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // UnmarshalJSON Unmarshall Item Category enum strings to Go string enums |  | ||||||
| func (ic *ItemCategory) UnmarshalJSON(b []byte) error { |  | ||||||
| 	var s string |  | ||||||
| 	json.Unmarshal(b, &s) |  | ||||||
| 	category := ItemCategory(s) |  | ||||||
| 	switch category { |  | ||||||
| 	case Login, Password, Server, Database, CreditCard, Membership, Passport, SoftwareLicense, |  | ||||||
| 		OutdoorLicense, SecureNote, WirelessRouter, BankAccount, DriverLicense, Identity, RewardProgram, |  | ||||||
| 		Document, EmailAccount, SocialSecurityNumber, ApiCredential, MedicalRecord, SSHKey: |  | ||||||
| 		*ic = category |  | ||||||
| 	default: |  | ||||||
| 		*ic = Custom |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Item represents an item returned to the consumer |  | ||||||
| type Item struct { |  | ||||||
| 	ID    string `json:"id"` |  | ||||||
| 	Title string `json:"title"` |  | ||||||
|  |  | ||||||
| 	URLs     []ItemURL `json:"urls,omitempty"` |  | ||||||
| 	Favorite bool      `json:"favorite,omitempty"` |  | ||||||
| 	Tags     []string  `json:"tags,omitempty"` |  | ||||||
| 	Version  int       `json:"version,omitempty"` |  | ||||||
|  |  | ||||||
| 	Vault    ItemVault    `json:"vault"` |  | ||||||
| 	Category ItemCategory `json:"category,omitempty"` // TODO: switch this to `category` |  | ||||||
|  |  | ||||||
| 	Sections []*ItemSection `json:"sections,omitempty"` |  | ||||||
| 	Fields   []*ItemField   `json:"fields,omitempty"` |  | ||||||
| 	Files    []*File        `json:"files,omitempty"` |  | ||||||
|  |  | ||||||
| 	LastEditedBy string    `json:"lastEditedBy,omitempty"` |  | ||||||
| 	CreatedAt    time.Time `json:"createdAt,omitempty"` |  | ||||||
| 	UpdatedAt    time.Time `json:"updatedAt,omitempty"` |  | ||||||
|  |  | ||||||
| 	// Deprecated: Connect does not return trashed items. |  | ||||||
| 	Trashed bool `json:"trashed,omitempty"` |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // ItemVault represents the Vault the Item is found in |  | ||||||
| type ItemVault struct { |  | ||||||
| 	ID string `json:"id"` |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // ItemURL is a simplified item URL |  | ||||||
| type ItemURL struct { |  | ||||||
| 	Primary bool   `json:"primary,omitempty"` |  | ||||||
| 	Label   string `json:"label,omitempty"` |  | ||||||
| 	URL     string `json:"href"` |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // ItemSection Representation of a Section on an item |  | ||||||
| type ItemSection struct { |  | ||||||
| 	ID    string `json:"id,omitempty"` |  | ||||||
| 	Label string `json:"label,omitempty"` |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // GeneratorRecipe Representation of a "recipe" used to generate a field |  | ||||||
| type GeneratorRecipe struct { |  | ||||||
| 	Length            int      `json:"length,omitempty"` |  | ||||||
| 	CharacterSets     []string `json:"characterSets,omitempty"` |  | ||||||
| 	ExcludeCharacters string   `json:"excludeCharacters,omitempty"` |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // ItemField Representation of a single field on an Item |  | ||||||
| type ItemField struct { |  | ||||||
| 	ID       string           `json:"id"` |  | ||||||
| 	Section  *ItemSection     `json:"section,omitempty"` |  | ||||||
| 	Type     ItemFieldType    `json:"type"` |  | ||||||
| 	Purpose  ItemFieldPurpose `json:"purpose,omitempty"` |  | ||||||
| 	Label    string           `json:"label,omitempty"` |  | ||||||
| 	Value    string           `json:"value,omitempty"` |  | ||||||
| 	Generate bool             `json:"generate,omitempty"` |  | ||||||
| 	Recipe   *GeneratorRecipe `json:"recipe,omitempty"` |  | ||||||
| 	Entropy  float64          `json:"entropy,omitempty"` |  | ||||||
| 	TOTP     string           `json:"totp,omitempty"` |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // GetValue Retrieve the value of a field on the item by its label. To specify a |  | ||||||
| // field from a specific section pass in <section label>.<field label>. If |  | ||||||
| // no field matching the selector is found return "". |  | ||||||
| func (i *Item) GetValue(field string) string { |  | ||||||
| 	if i == nil || len(i.Fields) == 0 { |  | ||||||
| 		return "" |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	sectionFilter := false |  | ||||||
| 	sectionLabel := "" |  | ||||||
| 	fieldLabel := field |  | ||||||
| 	if strings.Contains(field, ".") { |  | ||||||
| 		parts := strings.Split(field, ".") |  | ||||||
|  |  | ||||||
| 		// Test to make sure the . isn't the last character |  | ||||||
| 		if len(parts) == 2 { |  | ||||||
| 			sectionFilter = true |  | ||||||
| 			sectionLabel = parts[0] |  | ||||||
| 			fieldLabel = parts[1] |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	for _, f := range i.Fields { |  | ||||||
| 		if sectionFilter { |  | ||||||
| 			if f.Section != nil { |  | ||||||
| 				if sectionLabel != i.SectionLabelForID(f.Section.ID) { |  | ||||||
| 					continue |  | ||||||
| 				} |  | ||||||
| 			} |  | ||||||
| 		} |  | ||||||
|  |  | ||||||
| 		if fieldLabel == f.Label { |  | ||||||
| 			return f.Value |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return "" |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (i *Item) SectionLabelForID(id string) string { |  | ||||||
| 	if i != nil || len(i.Sections) > 0 { |  | ||||||
| 		for _, s := range i.Sections { |  | ||||||
| 			if s.ID == id { |  | ||||||
| 				return s.Label |  | ||||||
| 			} |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return "" |  | ||||||
| } |  | ||||||
							
								
								
									
										46
									
								
								vendor/github.com/1Password/connect-sdk-go/onepassword/vaults.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										46
									
								
								vendor/github.com/1Password/connect-sdk-go/onepassword/vaults.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,46 +0,0 @@ | |||||||
| package onepassword |  | ||||||
|  |  | ||||||
| import ( |  | ||||||
| 	"encoding/json" |  | ||||||
| 	"time" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // Vault represents a 1password Vault |  | ||||||
| type Vault struct { |  | ||||||
| 	ID          string `json:"id"` |  | ||||||
| 	Name        string `json:"name,omitempty"` |  | ||||||
| 	Description string `json:"description,omitempty"` |  | ||||||
|  |  | ||||||
| 	AttrVersion    int       `json:"attributeVersion,omitempty"` |  | ||||||
| 	ContentVersoin int       `json:"contentVersion,omitempty"` |  | ||||||
| 	Items          int       `json:"items,omitempty"` |  | ||||||
| 	Type           VaultType `json:"type,omitempty"` |  | ||||||
|  |  | ||||||
| 	CreatedAt time.Time `json:"createdAt,omitempty"` |  | ||||||
| 	UpdatedAt time.Time `json:"updatedAt,omitempty"` |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // VaultType Representation of what the Vault Type is |  | ||||||
| type VaultType string |  | ||||||
|  |  | ||||||
| const ( |  | ||||||
| 	PersonalVault    VaultType = "PERSONAL" |  | ||||||
| 	EveryoneVault    VaultType = "EVERYONE" |  | ||||||
| 	TransferVault    VaultType = "TRANSFER" |  | ||||||
| 	UserCreatedVault VaultType = "USER_CREATED" |  | ||||||
| 	UnknownVault     VaultType = "UNKNOWN" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // UnmarshalJSON Unmarshall Vault Type enum strings to Go string enums |  | ||||||
| func (vt *VaultType) UnmarshalJSON(b []byte) error { |  | ||||||
| 	var s string |  | ||||||
| 	json.Unmarshal(b, &s) |  | ||||||
| 	vaultType := VaultType(s) |  | ||||||
| 	switch vaultType { |  | ||||||
| 	case PersonalVault, EveryoneVault, TransferVault, UserCreatedVault: |  | ||||||
| 		*vt = vaultType |  | ||||||
| 	default: |  | ||||||
| 		*vt = UnknownVault |  | ||||||
| 	} |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
							
								
								
									
										20
									
								
								vendor/github.com/beorn7/perks/LICENSE
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										20
									
								
								vendor/github.com/beorn7/perks/LICENSE
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,20 +0,0 @@ | |||||||
| Copyright (C) 2013 Blake Mizerany |  | ||||||
|  |  | ||||||
| Permission is hereby granted, free of charge, to any person obtaining |  | ||||||
| a copy of this software and associated documentation files (the |  | ||||||
| "Software"), to deal in the Software without restriction, including |  | ||||||
| without limitation the rights to use, copy, modify, merge, publish, |  | ||||||
| distribute, sublicense, and/or sell copies of the Software, and to |  | ||||||
| permit persons to whom the Software is furnished to do so, subject to |  | ||||||
| the following conditions: |  | ||||||
|  |  | ||||||
| The above copyright notice and this permission notice shall be |  | ||||||
| included in all copies or substantial portions of the Software. |  | ||||||
|  |  | ||||||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |  | ||||||
| EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |  | ||||||
| MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |  | ||||||
| NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |  | ||||||
| LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |  | ||||||
| OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |  | ||||||
| WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |  | ||||||
							
								
								
									
										2388
									
								
								vendor/github.com/beorn7/perks/quantile/exampledata.txt
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										2388
									
								
								vendor/github.com/beorn7/perks/quantile/exampledata.txt
									
									
									
										generated
									
									
										vendored
									
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							
							
								
								
									
										316
									
								
								vendor/github.com/beorn7/perks/quantile/stream.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										316
									
								
								vendor/github.com/beorn7/perks/quantile/stream.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,316 +0,0 @@ | |||||||
| // Package quantile computes approximate quantiles over an unbounded data |  | ||||||
| // stream within low memory and CPU bounds. |  | ||||||
| // |  | ||||||
| // A small amount of accuracy is traded to achieve the above properties. |  | ||||||
| // |  | ||||||
| // Multiple streams can be merged before calling Query to generate a single set |  | ||||||
| // of results. This is meaningful when the streams represent the same type of |  | ||||||
| // data. See Merge and Samples. |  | ||||||
| // |  | ||||||
| // For more detailed information about the algorithm used, see: |  | ||||||
| // |  | ||||||
| // Effective Computation of Biased Quantiles over Data Streams |  | ||||||
| // |  | ||||||
| // http://www.cs.rutgers.edu/~muthu/bquant.pdf |  | ||||||
| package quantile |  | ||||||
|  |  | ||||||
| import ( |  | ||||||
| 	"math" |  | ||||||
| 	"sort" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // Sample holds an observed value and meta information for compression. JSON |  | ||||||
| // tags have been added for convenience. |  | ||||||
| type Sample struct { |  | ||||||
| 	Value float64 `json:",string"` |  | ||||||
| 	Width float64 `json:",string"` |  | ||||||
| 	Delta float64 `json:",string"` |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Samples represents a slice of samples. It implements sort.Interface. |  | ||||||
| type Samples []Sample |  | ||||||
|  |  | ||||||
| func (a Samples) Len() int           { return len(a) } |  | ||||||
| func (a Samples) Less(i, j int) bool { return a[i].Value < a[j].Value } |  | ||||||
| func (a Samples) Swap(i, j int)      { a[i], a[j] = a[j], a[i] } |  | ||||||
|  |  | ||||||
| type invariant func(s *stream, r float64) float64 |  | ||||||
|  |  | ||||||
| // NewLowBiased returns an initialized Stream for low-biased quantiles |  | ||||||
| // (e.g. 0.01, 0.1, 0.5) where the needed quantiles are not known a priori, but |  | ||||||
| // error guarantees can still be given even for the lower ranks of the data |  | ||||||
| // distribution. |  | ||||||
| // |  | ||||||
| // The provided epsilon is a relative error, i.e. the true quantile of a value |  | ||||||
| // returned by a query is guaranteed to be within (1±Epsilon)*Quantile. |  | ||||||
| // |  | ||||||
| // See http://www.cs.rutgers.edu/~muthu/bquant.pdf for time, space, and error |  | ||||||
| // properties. |  | ||||||
| func NewLowBiased(epsilon float64) *Stream { |  | ||||||
| 	ƒ := func(s *stream, r float64) float64 { |  | ||||||
| 		return 2 * epsilon * r |  | ||||||
| 	} |  | ||||||
| 	return newStream(ƒ) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // NewHighBiased returns an initialized Stream for high-biased quantiles |  | ||||||
| // (e.g. 0.01, 0.1, 0.5) where the needed quantiles are not known a priori, but |  | ||||||
| // error guarantees can still be given even for the higher ranks of the data |  | ||||||
| // distribution. |  | ||||||
| // |  | ||||||
| // The provided epsilon is a relative error, i.e. the true quantile of a value |  | ||||||
| // returned by a query is guaranteed to be within 1-(1±Epsilon)*(1-Quantile). |  | ||||||
| // |  | ||||||
| // See http://www.cs.rutgers.edu/~muthu/bquant.pdf for time, space, and error |  | ||||||
| // properties. |  | ||||||
| func NewHighBiased(epsilon float64) *Stream { |  | ||||||
| 	ƒ := func(s *stream, r float64) float64 { |  | ||||||
| 		return 2 * epsilon * (s.n - r) |  | ||||||
| 	} |  | ||||||
| 	return newStream(ƒ) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // NewTargeted returns an initialized Stream concerned with a particular set of |  | ||||||
| // quantile values that are supplied a priori. Knowing these a priori reduces |  | ||||||
| // space and computation time. The targets map maps the desired quantiles to |  | ||||||
| // their absolute errors, i.e. the true quantile of a value returned by a query |  | ||||||
| // is guaranteed to be within (Quantile±Epsilon). |  | ||||||
| // |  | ||||||
| // See http://www.cs.rutgers.edu/~muthu/bquant.pdf for time, space, and error properties. |  | ||||||
| func NewTargeted(targetMap map[float64]float64) *Stream { |  | ||||||
| 	// Convert map to slice to avoid slow iterations on a map. |  | ||||||
| 	// ƒ is called on the hot path, so converting the map to a slice |  | ||||||
| 	// beforehand results in significant CPU savings. |  | ||||||
| 	targets := targetMapToSlice(targetMap) |  | ||||||
|  |  | ||||||
| 	ƒ := func(s *stream, r float64) float64 { |  | ||||||
| 		var m = math.MaxFloat64 |  | ||||||
| 		var f float64 |  | ||||||
| 		for _, t := range targets { |  | ||||||
| 			if t.quantile*s.n <= r { |  | ||||||
| 				f = (2 * t.epsilon * r) / t.quantile |  | ||||||
| 			} else { |  | ||||||
| 				f = (2 * t.epsilon * (s.n - r)) / (1 - t.quantile) |  | ||||||
| 			} |  | ||||||
| 			if f < m { |  | ||||||
| 				m = f |  | ||||||
| 			} |  | ||||||
| 		} |  | ||||||
| 		return m |  | ||||||
| 	} |  | ||||||
| 	return newStream(ƒ) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| type target struct { |  | ||||||
| 	quantile float64 |  | ||||||
| 	epsilon  float64 |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func targetMapToSlice(targetMap map[float64]float64) []target { |  | ||||||
| 	targets := make([]target, 0, len(targetMap)) |  | ||||||
|  |  | ||||||
| 	for quantile, epsilon := range targetMap { |  | ||||||
| 		t := target{ |  | ||||||
| 			quantile: quantile, |  | ||||||
| 			epsilon:  epsilon, |  | ||||||
| 		} |  | ||||||
| 		targets = append(targets, t) |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return targets |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Stream computes quantiles for a stream of float64s. It is not thread-safe by |  | ||||||
| // design. Take care when using across multiple goroutines. |  | ||||||
| type Stream struct { |  | ||||||
| 	*stream |  | ||||||
| 	b      Samples |  | ||||||
| 	sorted bool |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func newStream(ƒ invariant) *Stream { |  | ||||||
| 	x := &stream{ƒ: ƒ} |  | ||||||
| 	return &Stream{x, make(Samples, 0, 500), true} |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Insert inserts v into the stream. |  | ||||||
| func (s *Stream) Insert(v float64) { |  | ||||||
| 	s.insert(Sample{Value: v, Width: 1}) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (s *Stream) insert(sample Sample) { |  | ||||||
| 	s.b = append(s.b, sample) |  | ||||||
| 	s.sorted = false |  | ||||||
| 	if len(s.b) == cap(s.b) { |  | ||||||
| 		s.flush() |  | ||||||
| 	} |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Query returns the computed qth percentiles value. If s was created with |  | ||||||
| // NewTargeted, and q is not in the set of quantiles provided a priori, Query |  | ||||||
| // will return an unspecified result. |  | ||||||
| func (s *Stream) Query(q float64) float64 { |  | ||||||
| 	if !s.flushed() { |  | ||||||
| 		// Fast path when there hasn't been enough data for a flush; |  | ||||||
| 		// this also yields better accuracy for small sets of data. |  | ||||||
| 		l := len(s.b) |  | ||||||
| 		if l == 0 { |  | ||||||
| 			return 0 |  | ||||||
| 		} |  | ||||||
| 		i := int(math.Ceil(float64(l) * q)) |  | ||||||
| 		if i > 0 { |  | ||||||
| 			i -= 1 |  | ||||||
| 		} |  | ||||||
| 		s.maybeSort() |  | ||||||
| 		return s.b[i].Value |  | ||||||
| 	} |  | ||||||
| 	s.flush() |  | ||||||
| 	return s.stream.query(q) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Merge merges samples into the underlying streams samples. This is handy when |  | ||||||
| // merging multiple streams from separate threads, database shards, etc. |  | ||||||
| // |  | ||||||
| // ATTENTION: This method is broken and does not yield correct results. The |  | ||||||
| // underlying algorithm is not capable of merging streams correctly. |  | ||||||
| func (s *Stream) Merge(samples Samples) { |  | ||||||
| 	sort.Sort(samples) |  | ||||||
| 	s.stream.merge(samples) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Reset reinitializes and clears the list reusing the samples buffer memory. |  | ||||||
| func (s *Stream) Reset() { |  | ||||||
| 	s.stream.reset() |  | ||||||
| 	s.b = s.b[:0] |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Samples returns stream samples held by s. |  | ||||||
| func (s *Stream) Samples() Samples { |  | ||||||
| 	if !s.flushed() { |  | ||||||
| 		return s.b |  | ||||||
| 	} |  | ||||||
| 	s.flush() |  | ||||||
| 	return s.stream.samples() |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Count returns the total number of samples observed in the stream |  | ||||||
| // since initialization. |  | ||||||
| func (s *Stream) Count() int { |  | ||||||
| 	return len(s.b) + s.stream.count() |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (s *Stream) flush() { |  | ||||||
| 	s.maybeSort() |  | ||||||
| 	s.stream.merge(s.b) |  | ||||||
| 	s.b = s.b[:0] |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (s *Stream) maybeSort() { |  | ||||||
| 	if !s.sorted { |  | ||||||
| 		s.sorted = true |  | ||||||
| 		sort.Sort(s.b) |  | ||||||
| 	} |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (s *Stream) flushed() bool { |  | ||||||
| 	return len(s.stream.l) > 0 |  | ||||||
| } |  | ||||||
|  |  | ||||||
| type stream struct { |  | ||||||
| 	n float64 |  | ||||||
| 	l []Sample |  | ||||||
| 	ƒ invariant |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (s *stream) reset() { |  | ||||||
| 	s.l = s.l[:0] |  | ||||||
| 	s.n = 0 |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (s *stream) insert(v float64) { |  | ||||||
| 	s.merge(Samples{{v, 1, 0}}) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (s *stream) merge(samples Samples) { |  | ||||||
| 	// TODO(beorn7): This tries to merge not only individual samples, but |  | ||||||
| 	// whole summaries. The paper doesn't mention merging summaries at |  | ||||||
| 	// all. Unittests show that the merging is inaccurate. Find out how to |  | ||||||
| 	// do merges properly. |  | ||||||
| 	var r float64 |  | ||||||
| 	i := 0 |  | ||||||
| 	for _, sample := range samples { |  | ||||||
| 		for ; i < len(s.l); i++ { |  | ||||||
| 			c := s.l[i] |  | ||||||
| 			if c.Value > sample.Value { |  | ||||||
| 				// Insert at position i. |  | ||||||
| 				s.l = append(s.l, Sample{}) |  | ||||||
| 				copy(s.l[i+1:], s.l[i:]) |  | ||||||
| 				s.l[i] = Sample{ |  | ||||||
| 					sample.Value, |  | ||||||
| 					sample.Width, |  | ||||||
| 					math.Max(sample.Delta, math.Floor(s.ƒ(s, r))-1), |  | ||||||
| 					// TODO(beorn7): How to calculate delta correctly? |  | ||||||
| 				} |  | ||||||
| 				i++ |  | ||||||
| 				goto inserted |  | ||||||
| 			} |  | ||||||
| 			r += c.Width |  | ||||||
| 		} |  | ||||||
| 		s.l = append(s.l, Sample{sample.Value, sample.Width, 0}) |  | ||||||
| 		i++ |  | ||||||
| 	inserted: |  | ||||||
| 		s.n += sample.Width |  | ||||||
| 		r += sample.Width |  | ||||||
| 	} |  | ||||||
| 	s.compress() |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (s *stream) count() int { |  | ||||||
| 	return int(s.n) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (s *stream) query(q float64) float64 { |  | ||||||
| 	t := math.Ceil(q * s.n) |  | ||||||
| 	t += math.Ceil(s.ƒ(s, t) / 2) |  | ||||||
| 	p := s.l[0] |  | ||||||
| 	var r float64 |  | ||||||
| 	for _, c := range s.l[1:] { |  | ||||||
| 		r += p.Width |  | ||||||
| 		if r+c.Width+c.Delta > t { |  | ||||||
| 			return p.Value |  | ||||||
| 		} |  | ||||||
| 		p = c |  | ||||||
| 	} |  | ||||||
| 	return p.Value |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (s *stream) compress() { |  | ||||||
| 	if len(s.l) < 2 { |  | ||||||
| 		return |  | ||||||
| 	} |  | ||||||
| 	x := s.l[len(s.l)-1] |  | ||||||
| 	xi := len(s.l) - 1 |  | ||||||
| 	r := s.n - 1 - x.Width |  | ||||||
|  |  | ||||||
| 	for i := len(s.l) - 2; i >= 0; i-- { |  | ||||||
| 		c := s.l[i] |  | ||||||
| 		if c.Width+x.Width+x.Delta <= s.ƒ(s, r) { |  | ||||||
| 			x.Width += c.Width |  | ||||||
| 			s.l[xi] = x |  | ||||||
| 			// Remove element at i. |  | ||||||
| 			copy(s.l[i:], s.l[i+1:]) |  | ||||||
| 			s.l = s.l[:len(s.l)-1] |  | ||||||
| 			xi -= 1 |  | ||||||
| 		} else { |  | ||||||
| 			x = c |  | ||||||
| 			xi = i |  | ||||||
| 		} |  | ||||||
| 		r -= c.Width |  | ||||||
| 	} |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func (s *stream) samples() Samples { |  | ||||||
| 	samples := make(Samples, len(s.l)) |  | ||||||
| 	copy(samples, s.l) |  | ||||||
| 	return samples |  | ||||||
| } |  | ||||||
							
								
								
									
										22
									
								
								vendor/github.com/cespare/xxhash/v2/LICENSE.txt
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										22
									
								
								vendor/github.com/cespare/xxhash/v2/LICENSE.txt
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,22 +0,0 @@ | |||||||
| Copyright (c) 2016 Caleb Spare |  | ||||||
|  |  | ||||||
| MIT License |  | ||||||
|  |  | ||||||
| Permission is hereby granted, free of charge, to any person obtaining |  | ||||||
| a copy of this software and associated documentation files (the |  | ||||||
| "Software"), to deal in the Software without restriction, including |  | ||||||
| without limitation the rights to use, copy, modify, merge, publish, |  | ||||||
| distribute, sublicense, and/or sell copies of the Software, and to |  | ||||||
| permit persons to whom the Software is furnished to do so, subject to |  | ||||||
| the following conditions: |  | ||||||
|  |  | ||||||
| The above copyright notice and this permission notice shall be |  | ||||||
| included in all copies or substantial portions of the Software. |  | ||||||
|  |  | ||||||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |  | ||||||
| EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |  | ||||||
| MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |  | ||||||
| NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |  | ||||||
| LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |  | ||||||
| OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |  | ||||||
| WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |  | ||||||
							
								
								
									
										72
									
								
								vendor/github.com/cespare/xxhash/v2/README.md
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										72
									
								
								vendor/github.com/cespare/xxhash/v2/README.md
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,72 +0,0 @@ | |||||||
| # xxhash |  | ||||||
|  |  | ||||||
| [](https://pkg.go.dev/github.com/cespare/xxhash/v2) |  | ||||||
| [](https://github.com/cespare/xxhash/actions/workflows/test.yml) |  | ||||||
|  |  | ||||||
| xxhash is a Go implementation of the 64-bit [xxHash] algorithm, XXH64. This is a |  | ||||||
| high-quality hashing algorithm that is much faster than anything in the Go |  | ||||||
| standard library. |  | ||||||
|  |  | ||||||
| This package provides a straightforward API: |  | ||||||
|  |  | ||||||
| ``` |  | ||||||
| func Sum64(b []byte) uint64 |  | ||||||
| func Sum64String(s string) uint64 |  | ||||||
| type Digest struct{ ... } |  | ||||||
|     func New() *Digest |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| The `Digest` type implements hash.Hash64. Its key methods are: |  | ||||||
|  |  | ||||||
| ``` |  | ||||||
| func (*Digest) Write([]byte) (int, error) |  | ||||||
| func (*Digest) WriteString(string) (int, error) |  | ||||||
| func (*Digest) Sum64() uint64 |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| The package is written with optimized pure Go and also contains even faster |  | ||||||
| assembly implementations for amd64 and arm64. If desired, the `purego` build tag |  | ||||||
| opts into using the Go code even on those architectures. |  | ||||||
|  |  | ||||||
| [xxHash]: http://cyan4973.github.io/xxHash/ |  | ||||||
|  |  | ||||||
| ## Compatibility |  | ||||||
|  |  | ||||||
| This package is in a module and the latest code is in version 2 of the module. |  | ||||||
| You need a version of Go with at least "minimal module compatibility" to use |  | ||||||
| github.com/cespare/xxhash/v2: |  | ||||||
|  |  | ||||||
| * 1.9.7+ for Go 1.9 |  | ||||||
| * 1.10.3+ for Go 1.10 |  | ||||||
| * Go 1.11 or later |  | ||||||
|  |  | ||||||
| I recommend using the latest release of Go. |  | ||||||
|  |  | ||||||
| ## Benchmarks |  | ||||||
|  |  | ||||||
| Here are some quick benchmarks comparing the pure-Go and assembly |  | ||||||
| implementations of Sum64. |  | ||||||
|  |  | ||||||
| | input size | purego    | asm       | |  | ||||||
| | ---------- | --------- | --------- | |  | ||||||
| | 4 B        |  1.3 GB/s |  1.2 GB/s | |  | ||||||
| | 16 B       |  2.9 GB/s |  3.5 GB/s | |  | ||||||
| | 100 B      |  6.9 GB/s |  8.1 GB/s | |  | ||||||
| | 4 KB       | 11.7 GB/s | 16.7 GB/s | |  | ||||||
| | 10 MB      | 12.0 GB/s | 17.3 GB/s | |  | ||||||
|  |  | ||||||
| These numbers were generated on Ubuntu 20.04 with an Intel Xeon Platinum 8252C |  | ||||||
| CPU using the following commands under Go 1.19.2: |  | ||||||
|  |  | ||||||
| ``` |  | ||||||
| benchstat <(go test -tags purego -benchtime 500ms -count 15 -bench 'Sum64$') |  | ||||||
| benchstat <(go test -benchtime 500ms -count 15 -bench 'Sum64$') |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| ## Projects using this package |  | ||||||
|  |  | ||||||
| - [InfluxDB](https://github.com/influxdata/influxdb) |  | ||||||
| - [Prometheus](https://github.com/prometheus/prometheus) |  | ||||||
| - [VictoriaMetrics](https://github.com/VictoriaMetrics/VictoriaMetrics) |  | ||||||
| - [FreeCache](https://github.com/coocood/freecache) |  | ||||||
| - [FastCache](https://github.com/VictoriaMetrics/fastcache) |  | ||||||
							
								
								
									
										10
									
								
								vendor/github.com/cespare/xxhash/v2/testall.sh
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										10
									
								
								vendor/github.com/cespare/xxhash/v2/testall.sh
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,10 +0,0 @@ | |||||||
| #!/bin/bash |  | ||||||
| set -eu -o pipefail |  | ||||||
|  |  | ||||||
| # Small convenience script for running the tests with various combinations of |  | ||||||
| # arch/tags. This assumes we're running on amd64 and have qemu available. |  | ||||||
|  |  | ||||||
| go test ./... |  | ||||||
| go test -tags purego ./... |  | ||||||
| GOARCH=arm64 go test |  | ||||||
| GOARCH=arm64 go test -tags purego |  | ||||||
							
								
								
									
										228
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										228
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,228 +0,0 @@ | |||||||
| // Package xxhash implements the 64-bit variant of xxHash (XXH64) as described |  | ||||||
| // at http://cyan4973.github.io/xxHash/. |  | ||||||
| package xxhash |  | ||||||
|  |  | ||||||
| import ( |  | ||||||
| 	"encoding/binary" |  | ||||||
| 	"errors" |  | ||||||
| 	"math/bits" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| const ( |  | ||||||
| 	prime1 uint64 = 11400714785074694791 |  | ||||||
| 	prime2 uint64 = 14029467366897019727 |  | ||||||
| 	prime3 uint64 = 1609587929392839161 |  | ||||||
| 	prime4 uint64 = 9650029242287828579 |  | ||||||
| 	prime5 uint64 = 2870177450012600261 |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // Store the primes in an array as well. |  | ||||||
| // |  | ||||||
| // The consts are used when possible in Go code to avoid MOVs but we need a |  | ||||||
| // contiguous array of the assembly code. |  | ||||||
| var primes = [...]uint64{prime1, prime2, prime3, prime4, prime5} |  | ||||||
|  |  | ||||||
| // Digest implements hash.Hash64. |  | ||||||
| type Digest struct { |  | ||||||
| 	v1    uint64 |  | ||||||
| 	v2    uint64 |  | ||||||
| 	v3    uint64 |  | ||||||
| 	v4    uint64 |  | ||||||
| 	total uint64 |  | ||||||
| 	mem   [32]byte |  | ||||||
| 	n     int // how much of mem is used |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // New creates a new Digest that computes the 64-bit xxHash algorithm. |  | ||||||
| func New() *Digest { |  | ||||||
| 	var d Digest |  | ||||||
| 	d.Reset() |  | ||||||
| 	return &d |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Reset clears the Digest's state so that it can be reused. |  | ||||||
| func (d *Digest) Reset() { |  | ||||||
| 	d.v1 = primes[0] + prime2 |  | ||||||
| 	d.v2 = prime2 |  | ||||||
| 	d.v3 = 0 |  | ||||||
| 	d.v4 = -primes[0] |  | ||||||
| 	d.total = 0 |  | ||||||
| 	d.n = 0 |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Size always returns 8 bytes. |  | ||||||
| func (d *Digest) Size() int { return 8 } |  | ||||||
|  |  | ||||||
| // BlockSize always returns 32 bytes. |  | ||||||
| func (d *Digest) BlockSize() int { return 32 } |  | ||||||
|  |  | ||||||
| // Write adds more data to d. It always returns len(b), nil. |  | ||||||
| func (d *Digest) Write(b []byte) (n int, err error) { |  | ||||||
| 	n = len(b) |  | ||||||
| 	d.total += uint64(n) |  | ||||||
|  |  | ||||||
| 	memleft := d.mem[d.n&(len(d.mem)-1):] |  | ||||||
|  |  | ||||||
| 	if d.n+n < 32 { |  | ||||||
| 		// This new data doesn't even fill the current block. |  | ||||||
| 		copy(memleft, b) |  | ||||||
| 		d.n += n |  | ||||||
| 		return |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	if d.n > 0 { |  | ||||||
| 		// Finish off the partial block. |  | ||||||
| 		c := copy(memleft, b) |  | ||||||
| 		d.v1 = round(d.v1, u64(d.mem[0:8])) |  | ||||||
| 		d.v2 = round(d.v2, u64(d.mem[8:16])) |  | ||||||
| 		d.v3 = round(d.v3, u64(d.mem[16:24])) |  | ||||||
| 		d.v4 = round(d.v4, u64(d.mem[24:32])) |  | ||||||
| 		b = b[c:] |  | ||||||
| 		d.n = 0 |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	if len(b) >= 32 { |  | ||||||
| 		// One or more full blocks left. |  | ||||||
| 		nw := writeBlocks(d, b) |  | ||||||
| 		b = b[nw:] |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	// Store any remaining partial block. |  | ||||||
| 	copy(d.mem[:], b) |  | ||||||
| 	d.n = len(b) |  | ||||||
|  |  | ||||||
| 	return |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Sum appends the current hash to b and returns the resulting slice. |  | ||||||
| func (d *Digest) Sum(b []byte) []byte { |  | ||||||
| 	s := d.Sum64() |  | ||||||
| 	return append( |  | ||||||
| 		b, |  | ||||||
| 		byte(s>>56), |  | ||||||
| 		byte(s>>48), |  | ||||||
| 		byte(s>>40), |  | ||||||
| 		byte(s>>32), |  | ||||||
| 		byte(s>>24), |  | ||||||
| 		byte(s>>16), |  | ||||||
| 		byte(s>>8), |  | ||||||
| 		byte(s), |  | ||||||
| 	) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Sum64 returns the current hash. |  | ||||||
| func (d *Digest) Sum64() uint64 { |  | ||||||
| 	var h uint64 |  | ||||||
|  |  | ||||||
| 	if d.total >= 32 { |  | ||||||
| 		v1, v2, v3, v4 := d.v1, d.v2, d.v3, d.v4 |  | ||||||
| 		h = rol1(v1) + rol7(v2) + rol12(v3) + rol18(v4) |  | ||||||
| 		h = mergeRound(h, v1) |  | ||||||
| 		h = mergeRound(h, v2) |  | ||||||
| 		h = mergeRound(h, v3) |  | ||||||
| 		h = mergeRound(h, v4) |  | ||||||
| 	} else { |  | ||||||
| 		h = d.v3 + prime5 |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	h += d.total |  | ||||||
|  |  | ||||||
| 	b := d.mem[:d.n&(len(d.mem)-1)] |  | ||||||
| 	for ; len(b) >= 8; b = b[8:] { |  | ||||||
| 		k1 := round(0, u64(b[:8])) |  | ||||||
| 		h ^= k1 |  | ||||||
| 		h = rol27(h)*prime1 + prime4 |  | ||||||
| 	} |  | ||||||
| 	if len(b) >= 4 { |  | ||||||
| 		h ^= uint64(u32(b[:4])) * prime1 |  | ||||||
| 		h = rol23(h)*prime2 + prime3 |  | ||||||
| 		b = b[4:] |  | ||||||
| 	} |  | ||||||
| 	for ; len(b) > 0; b = b[1:] { |  | ||||||
| 		h ^= uint64(b[0]) * prime5 |  | ||||||
| 		h = rol11(h) * prime1 |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	h ^= h >> 33 |  | ||||||
| 	h *= prime2 |  | ||||||
| 	h ^= h >> 29 |  | ||||||
| 	h *= prime3 |  | ||||||
| 	h ^= h >> 32 |  | ||||||
|  |  | ||||||
| 	return h |  | ||||||
| } |  | ||||||
|  |  | ||||||
| const ( |  | ||||||
| 	magic         = "xxh\x06" |  | ||||||
| 	marshaledSize = len(magic) + 8*5 + 32 |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // MarshalBinary implements the encoding.BinaryMarshaler interface. |  | ||||||
| func (d *Digest) MarshalBinary() ([]byte, error) { |  | ||||||
| 	b := make([]byte, 0, marshaledSize) |  | ||||||
| 	b = append(b, magic...) |  | ||||||
| 	b = appendUint64(b, d.v1) |  | ||||||
| 	b = appendUint64(b, d.v2) |  | ||||||
| 	b = appendUint64(b, d.v3) |  | ||||||
| 	b = appendUint64(b, d.v4) |  | ||||||
| 	b = appendUint64(b, d.total) |  | ||||||
| 	b = append(b, d.mem[:d.n]...) |  | ||||||
| 	b = b[:len(b)+len(d.mem)-d.n] |  | ||||||
| 	return b, nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // UnmarshalBinary implements the encoding.BinaryUnmarshaler interface. |  | ||||||
| func (d *Digest) UnmarshalBinary(b []byte) error { |  | ||||||
| 	if len(b) < len(magic) || string(b[:len(magic)]) != magic { |  | ||||||
| 		return errors.New("xxhash: invalid hash state identifier") |  | ||||||
| 	} |  | ||||||
| 	if len(b) != marshaledSize { |  | ||||||
| 		return errors.New("xxhash: invalid hash state size") |  | ||||||
| 	} |  | ||||||
| 	b = b[len(magic):] |  | ||||||
| 	b, d.v1 = consumeUint64(b) |  | ||||||
| 	b, d.v2 = consumeUint64(b) |  | ||||||
| 	b, d.v3 = consumeUint64(b) |  | ||||||
| 	b, d.v4 = consumeUint64(b) |  | ||||||
| 	b, d.total = consumeUint64(b) |  | ||||||
| 	copy(d.mem[:], b) |  | ||||||
| 	d.n = int(d.total % uint64(len(d.mem))) |  | ||||||
| 	return nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func appendUint64(b []byte, x uint64) []byte { |  | ||||||
| 	var a [8]byte |  | ||||||
| 	binary.LittleEndian.PutUint64(a[:], x) |  | ||||||
| 	return append(b, a[:]...) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func consumeUint64(b []byte) ([]byte, uint64) { |  | ||||||
| 	x := u64(b) |  | ||||||
| 	return b[8:], x |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func u64(b []byte) uint64 { return binary.LittleEndian.Uint64(b) } |  | ||||||
| func u32(b []byte) uint32 { return binary.LittleEndian.Uint32(b) } |  | ||||||
|  |  | ||||||
| func round(acc, input uint64) uint64 { |  | ||||||
| 	acc += input * prime2 |  | ||||||
| 	acc = rol31(acc) |  | ||||||
| 	acc *= prime1 |  | ||||||
| 	return acc |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func mergeRound(acc, val uint64) uint64 { |  | ||||||
| 	val = round(0, val) |  | ||||||
| 	acc ^= val |  | ||||||
| 	acc = acc*prime1 + prime4 |  | ||||||
| 	return acc |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func rol1(x uint64) uint64  { return bits.RotateLeft64(x, 1) } |  | ||||||
| func rol7(x uint64) uint64  { return bits.RotateLeft64(x, 7) } |  | ||||||
| func rol11(x uint64) uint64 { return bits.RotateLeft64(x, 11) } |  | ||||||
| func rol12(x uint64) uint64 { return bits.RotateLeft64(x, 12) } |  | ||||||
| func rol18(x uint64) uint64 { return bits.RotateLeft64(x, 18) } |  | ||||||
| func rol23(x uint64) uint64 { return bits.RotateLeft64(x, 23) } |  | ||||||
| func rol27(x uint64) uint64 { return bits.RotateLeft64(x, 27) } |  | ||||||
| func rol31(x uint64) uint64 { return bits.RotateLeft64(x, 31) } |  | ||||||
							
								
								
									
										209
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash_amd64.s
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										209
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash_amd64.s
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,209 +0,0 @@ | |||||||
| //go:build !appengine && gc && !purego |  | ||||||
| // +build !appengine |  | ||||||
| // +build gc |  | ||||||
| // +build !purego |  | ||||||
|  |  | ||||||
| #include "textflag.h" |  | ||||||
|  |  | ||||||
| // Registers: |  | ||||||
| #define h      AX |  | ||||||
| #define d      AX |  | ||||||
| #define p      SI // pointer to advance through b |  | ||||||
| #define n      DX |  | ||||||
| #define end    BX // loop end |  | ||||||
| #define v1     R8 |  | ||||||
| #define v2     R9 |  | ||||||
| #define v3     R10 |  | ||||||
| #define v4     R11 |  | ||||||
| #define x      R12 |  | ||||||
| #define prime1 R13 |  | ||||||
| #define prime2 R14 |  | ||||||
| #define prime4 DI |  | ||||||
|  |  | ||||||
| #define round(acc, x) \ |  | ||||||
| 	IMULQ prime2, x   \ |  | ||||||
| 	ADDQ  x, acc      \ |  | ||||||
| 	ROLQ  $31, acc    \ |  | ||||||
| 	IMULQ prime1, acc |  | ||||||
|  |  | ||||||
| // round0 performs the operation x = round(0, x). |  | ||||||
| #define round0(x) \ |  | ||||||
| 	IMULQ prime2, x \ |  | ||||||
| 	ROLQ  $31, x    \ |  | ||||||
| 	IMULQ prime1, x |  | ||||||
|  |  | ||||||
| // mergeRound applies a merge round on the two registers acc and x. |  | ||||||
| // It assumes that prime1, prime2, and prime4 have been loaded. |  | ||||||
| #define mergeRound(acc, x) \ |  | ||||||
| 	round0(x)         \ |  | ||||||
| 	XORQ  x, acc      \ |  | ||||||
| 	IMULQ prime1, acc \ |  | ||||||
| 	ADDQ  prime4, acc |  | ||||||
|  |  | ||||||
| // blockLoop processes as many 32-byte blocks as possible, |  | ||||||
| // updating v1, v2, v3, and v4. It assumes that there is at least one block |  | ||||||
| // to process. |  | ||||||
| #define blockLoop() \ |  | ||||||
| loop:  \ |  | ||||||
| 	MOVQ +0(p), x  \ |  | ||||||
| 	round(v1, x)   \ |  | ||||||
| 	MOVQ +8(p), x  \ |  | ||||||
| 	round(v2, x)   \ |  | ||||||
| 	MOVQ +16(p), x \ |  | ||||||
| 	round(v3, x)   \ |  | ||||||
| 	MOVQ +24(p), x \ |  | ||||||
| 	round(v4, x)   \ |  | ||||||
| 	ADDQ $32, p    \ |  | ||||||
| 	CMPQ p, end    \ |  | ||||||
| 	JLE  loop |  | ||||||
|  |  | ||||||
| // func Sum64(b []byte) uint64 |  | ||||||
| TEXT ·Sum64(SB), NOSPLIT|NOFRAME, $0-32 |  | ||||||
| 	// Load fixed primes. |  | ||||||
| 	MOVQ ·primes+0(SB), prime1 |  | ||||||
| 	MOVQ ·primes+8(SB), prime2 |  | ||||||
| 	MOVQ ·primes+24(SB), prime4 |  | ||||||
|  |  | ||||||
| 	// Load slice. |  | ||||||
| 	MOVQ b_base+0(FP), p |  | ||||||
| 	MOVQ b_len+8(FP), n |  | ||||||
| 	LEAQ (p)(n*1), end |  | ||||||
|  |  | ||||||
| 	// The first loop limit will be len(b)-32. |  | ||||||
| 	SUBQ $32, end |  | ||||||
|  |  | ||||||
| 	// Check whether we have at least one block. |  | ||||||
| 	CMPQ n, $32 |  | ||||||
| 	JLT  noBlocks |  | ||||||
|  |  | ||||||
| 	// Set up initial state (v1, v2, v3, v4). |  | ||||||
| 	MOVQ prime1, v1 |  | ||||||
| 	ADDQ prime2, v1 |  | ||||||
| 	MOVQ prime2, v2 |  | ||||||
| 	XORQ v3, v3 |  | ||||||
| 	XORQ v4, v4 |  | ||||||
| 	SUBQ prime1, v4 |  | ||||||
|  |  | ||||||
| 	blockLoop() |  | ||||||
|  |  | ||||||
| 	MOVQ v1, h |  | ||||||
| 	ROLQ $1, h |  | ||||||
| 	MOVQ v2, x |  | ||||||
| 	ROLQ $7, x |  | ||||||
| 	ADDQ x, h |  | ||||||
| 	MOVQ v3, x |  | ||||||
| 	ROLQ $12, x |  | ||||||
| 	ADDQ x, h |  | ||||||
| 	MOVQ v4, x |  | ||||||
| 	ROLQ $18, x |  | ||||||
| 	ADDQ x, h |  | ||||||
|  |  | ||||||
| 	mergeRound(h, v1) |  | ||||||
| 	mergeRound(h, v2) |  | ||||||
| 	mergeRound(h, v3) |  | ||||||
| 	mergeRound(h, v4) |  | ||||||
|  |  | ||||||
| 	JMP afterBlocks |  | ||||||
|  |  | ||||||
| noBlocks: |  | ||||||
| 	MOVQ ·primes+32(SB), h |  | ||||||
|  |  | ||||||
| afterBlocks: |  | ||||||
| 	ADDQ n, h |  | ||||||
|  |  | ||||||
| 	ADDQ $24, end |  | ||||||
| 	CMPQ p, end |  | ||||||
| 	JG   try4 |  | ||||||
|  |  | ||||||
| loop8: |  | ||||||
| 	MOVQ  (p), x |  | ||||||
| 	ADDQ  $8, p |  | ||||||
| 	round0(x) |  | ||||||
| 	XORQ  x, h |  | ||||||
| 	ROLQ  $27, h |  | ||||||
| 	IMULQ prime1, h |  | ||||||
| 	ADDQ  prime4, h |  | ||||||
|  |  | ||||||
| 	CMPQ p, end |  | ||||||
| 	JLE  loop8 |  | ||||||
|  |  | ||||||
| try4: |  | ||||||
| 	ADDQ $4, end |  | ||||||
| 	CMPQ p, end |  | ||||||
| 	JG   try1 |  | ||||||
|  |  | ||||||
| 	MOVL  (p), x |  | ||||||
| 	ADDQ  $4, p |  | ||||||
| 	IMULQ prime1, x |  | ||||||
| 	XORQ  x, h |  | ||||||
|  |  | ||||||
| 	ROLQ  $23, h |  | ||||||
| 	IMULQ prime2, h |  | ||||||
| 	ADDQ  ·primes+16(SB), h |  | ||||||
|  |  | ||||||
| try1: |  | ||||||
| 	ADDQ $4, end |  | ||||||
| 	CMPQ p, end |  | ||||||
| 	JGE  finalize |  | ||||||
|  |  | ||||||
| loop1: |  | ||||||
| 	MOVBQZX (p), x |  | ||||||
| 	ADDQ    $1, p |  | ||||||
| 	IMULQ   ·primes+32(SB), x |  | ||||||
| 	XORQ    x, h |  | ||||||
| 	ROLQ    $11, h |  | ||||||
| 	IMULQ   prime1, h |  | ||||||
|  |  | ||||||
| 	CMPQ p, end |  | ||||||
| 	JL   loop1 |  | ||||||
|  |  | ||||||
| finalize: |  | ||||||
| 	MOVQ  h, x |  | ||||||
| 	SHRQ  $33, x |  | ||||||
| 	XORQ  x, h |  | ||||||
| 	IMULQ prime2, h |  | ||||||
| 	MOVQ  h, x |  | ||||||
| 	SHRQ  $29, x |  | ||||||
| 	XORQ  x, h |  | ||||||
| 	IMULQ ·primes+16(SB), h |  | ||||||
| 	MOVQ  h, x |  | ||||||
| 	SHRQ  $32, x |  | ||||||
| 	XORQ  x, h |  | ||||||
|  |  | ||||||
| 	MOVQ h, ret+24(FP) |  | ||||||
| 	RET |  | ||||||
|  |  | ||||||
| // func writeBlocks(d *Digest, b []byte) int |  | ||||||
| TEXT ·writeBlocks(SB), NOSPLIT|NOFRAME, $0-40 |  | ||||||
| 	// Load fixed primes needed for round. |  | ||||||
| 	MOVQ ·primes+0(SB), prime1 |  | ||||||
| 	MOVQ ·primes+8(SB), prime2 |  | ||||||
|  |  | ||||||
| 	// Load slice. |  | ||||||
| 	MOVQ b_base+8(FP), p |  | ||||||
| 	MOVQ b_len+16(FP), n |  | ||||||
| 	LEAQ (p)(n*1), end |  | ||||||
| 	SUBQ $32, end |  | ||||||
|  |  | ||||||
| 	// Load vN from d. |  | ||||||
| 	MOVQ s+0(FP), d |  | ||||||
| 	MOVQ 0(d), v1 |  | ||||||
| 	MOVQ 8(d), v2 |  | ||||||
| 	MOVQ 16(d), v3 |  | ||||||
| 	MOVQ 24(d), v4 |  | ||||||
|  |  | ||||||
| 	// We don't need to check the loop condition here; this function is |  | ||||||
| 	// always called with at least one block of data to process. |  | ||||||
| 	blockLoop() |  | ||||||
|  |  | ||||||
| 	// Copy vN back to d. |  | ||||||
| 	MOVQ v1, 0(d) |  | ||||||
| 	MOVQ v2, 8(d) |  | ||||||
| 	MOVQ v3, 16(d) |  | ||||||
| 	MOVQ v4, 24(d) |  | ||||||
|  |  | ||||||
| 	// The number of bytes written is p minus the old base pointer. |  | ||||||
| 	SUBQ b_base+8(FP), p |  | ||||||
| 	MOVQ p, ret+32(FP) |  | ||||||
|  |  | ||||||
| 	RET |  | ||||||
							
								
								
									
										183
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash_arm64.s
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										183
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash_arm64.s
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,183 +0,0 @@ | |||||||
| //go:build !appengine && gc && !purego |  | ||||||
| // +build !appengine |  | ||||||
| // +build gc |  | ||||||
| // +build !purego |  | ||||||
|  |  | ||||||
| #include "textflag.h" |  | ||||||
|  |  | ||||||
| // Registers: |  | ||||||
| #define digest	R1 |  | ||||||
| #define h	R2 // return value |  | ||||||
| #define p	R3 // input pointer |  | ||||||
| #define n	R4 // input length |  | ||||||
| #define nblocks	R5 // n / 32 |  | ||||||
| #define prime1	R7 |  | ||||||
| #define prime2	R8 |  | ||||||
| #define prime3	R9 |  | ||||||
| #define prime4	R10 |  | ||||||
| #define prime5	R11 |  | ||||||
| #define v1	R12 |  | ||||||
| #define v2	R13 |  | ||||||
| #define v3	R14 |  | ||||||
| #define v4	R15 |  | ||||||
| #define x1	R20 |  | ||||||
| #define x2	R21 |  | ||||||
| #define x3	R22 |  | ||||||
| #define x4	R23 |  | ||||||
|  |  | ||||||
| #define round(acc, x) \ |  | ||||||
| 	MADD prime2, acc, x, acc \ |  | ||||||
| 	ROR  $64-31, acc         \ |  | ||||||
| 	MUL  prime1, acc |  | ||||||
|  |  | ||||||
| // round0 performs the operation x = round(0, x). |  | ||||||
| #define round0(x) \ |  | ||||||
| 	MUL prime2, x \ |  | ||||||
| 	ROR $64-31, x \ |  | ||||||
| 	MUL prime1, x |  | ||||||
|  |  | ||||||
| #define mergeRound(acc, x) \ |  | ||||||
| 	round0(x)                     \ |  | ||||||
| 	EOR  x, acc                   \ |  | ||||||
| 	MADD acc, prime4, prime1, acc |  | ||||||
|  |  | ||||||
| // blockLoop processes as many 32-byte blocks as possible, |  | ||||||
| // updating v1, v2, v3, and v4. It assumes that n >= 32. |  | ||||||
| #define blockLoop() \ |  | ||||||
| 	LSR     $5, n, nblocks  \ |  | ||||||
| 	PCALIGN $16             \ |  | ||||||
| 	loop:                   \ |  | ||||||
| 	LDP.P   16(p), (x1, x2) \ |  | ||||||
| 	LDP.P   16(p), (x3, x4) \ |  | ||||||
| 	round(v1, x1)           \ |  | ||||||
| 	round(v2, x2)           \ |  | ||||||
| 	round(v3, x3)           \ |  | ||||||
| 	round(v4, x4)           \ |  | ||||||
| 	SUB     $1, nblocks     \ |  | ||||||
| 	CBNZ    nblocks, loop |  | ||||||
|  |  | ||||||
| // func Sum64(b []byte) uint64 |  | ||||||
| TEXT ·Sum64(SB), NOSPLIT|NOFRAME, $0-32 |  | ||||||
| 	LDP b_base+0(FP), (p, n) |  | ||||||
|  |  | ||||||
| 	LDP  ·primes+0(SB), (prime1, prime2) |  | ||||||
| 	LDP  ·primes+16(SB), (prime3, prime4) |  | ||||||
| 	MOVD ·primes+32(SB), prime5 |  | ||||||
|  |  | ||||||
| 	CMP  $32, n |  | ||||||
| 	CSEL LT, prime5, ZR, h // if n < 32 { h = prime5 } else { h = 0 } |  | ||||||
| 	BLT  afterLoop |  | ||||||
|  |  | ||||||
| 	ADD  prime1, prime2, v1 |  | ||||||
| 	MOVD prime2, v2 |  | ||||||
| 	MOVD $0, v3 |  | ||||||
| 	NEG  prime1, v4 |  | ||||||
|  |  | ||||||
| 	blockLoop() |  | ||||||
|  |  | ||||||
| 	ROR $64-1, v1, x1 |  | ||||||
| 	ROR $64-7, v2, x2 |  | ||||||
| 	ADD x1, x2 |  | ||||||
| 	ROR $64-12, v3, x3 |  | ||||||
| 	ROR $64-18, v4, x4 |  | ||||||
| 	ADD x3, x4 |  | ||||||
| 	ADD x2, x4, h |  | ||||||
|  |  | ||||||
| 	mergeRound(h, v1) |  | ||||||
| 	mergeRound(h, v2) |  | ||||||
| 	mergeRound(h, v3) |  | ||||||
| 	mergeRound(h, v4) |  | ||||||
|  |  | ||||||
| afterLoop: |  | ||||||
| 	ADD n, h |  | ||||||
|  |  | ||||||
| 	TBZ   $4, n, try8 |  | ||||||
| 	LDP.P 16(p), (x1, x2) |  | ||||||
|  |  | ||||||
| 	round0(x1) |  | ||||||
|  |  | ||||||
| 	// NOTE: here and below, sequencing the EOR after the ROR (using a |  | ||||||
| 	// rotated register) is worth a small but measurable speedup for small |  | ||||||
| 	// inputs. |  | ||||||
| 	ROR  $64-27, h |  | ||||||
| 	EOR  x1 @> 64-27, h, h |  | ||||||
| 	MADD h, prime4, prime1, h |  | ||||||
|  |  | ||||||
| 	round0(x2) |  | ||||||
| 	ROR  $64-27, h |  | ||||||
| 	EOR  x2 @> 64-27, h, h |  | ||||||
| 	MADD h, prime4, prime1, h |  | ||||||
|  |  | ||||||
| try8: |  | ||||||
| 	TBZ    $3, n, try4 |  | ||||||
| 	MOVD.P 8(p), x1 |  | ||||||
|  |  | ||||||
| 	round0(x1) |  | ||||||
| 	ROR  $64-27, h |  | ||||||
| 	EOR  x1 @> 64-27, h, h |  | ||||||
| 	MADD h, prime4, prime1, h |  | ||||||
|  |  | ||||||
| try4: |  | ||||||
| 	TBZ     $2, n, try2 |  | ||||||
| 	MOVWU.P 4(p), x2 |  | ||||||
|  |  | ||||||
| 	MUL  prime1, x2 |  | ||||||
| 	ROR  $64-23, h |  | ||||||
| 	EOR  x2 @> 64-23, h, h |  | ||||||
| 	MADD h, prime3, prime2, h |  | ||||||
|  |  | ||||||
| try2: |  | ||||||
| 	TBZ     $1, n, try1 |  | ||||||
| 	MOVHU.P 2(p), x3 |  | ||||||
| 	AND     $255, x3, x1 |  | ||||||
| 	LSR     $8, x3, x2 |  | ||||||
|  |  | ||||||
| 	MUL prime5, x1 |  | ||||||
| 	ROR $64-11, h |  | ||||||
| 	EOR x1 @> 64-11, h, h |  | ||||||
| 	MUL prime1, h |  | ||||||
|  |  | ||||||
| 	MUL prime5, x2 |  | ||||||
| 	ROR $64-11, h |  | ||||||
| 	EOR x2 @> 64-11, h, h |  | ||||||
| 	MUL prime1, h |  | ||||||
|  |  | ||||||
| try1: |  | ||||||
| 	TBZ   $0, n, finalize |  | ||||||
| 	MOVBU (p), x4 |  | ||||||
|  |  | ||||||
| 	MUL prime5, x4 |  | ||||||
| 	ROR $64-11, h |  | ||||||
| 	EOR x4 @> 64-11, h, h |  | ||||||
| 	MUL prime1, h |  | ||||||
|  |  | ||||||
| finalize: |  | ||||||
| 	EOR h >> 33, h |  | ||||||
| 	MUL prime2, h |  | ||||||
| 	EOR h >> 29, h |  | ||||||
| 	MUL prime3, h |  | ||||||
| 	EOR h >> 32, h |  | ||||||
|  |  | ||||||
| 	MOVD h, ret+24(FP) |  | ||||||
| 	RET |  | ||||||
|  |  | ||||||
| // func writeBlocks(d *Digest, b []byte) int |  | ||||||
| TEXT ·writeBlocks(SB), NOSPLIT|NOFRAME, $0-40 |  | ||||||
| 	LDP ·primes+0(SB), (prime1, prime2) |  | ||||||
|  |  | ||||||
| 	// Load state. Assume v[1-4] are stored contiguously. |  | ||||||
| 	MOVD d+0(FP), digest |  | ||||||
| 	LDP  0(digest), (v1, v2) |  | ||||||
| 	LDP  16(digest), (v3, v4) |  | ||||||
|  |  | ||||||
| 	LDP b_base+8(FP), (p, n) |  | ||||||
|  |  | ||||||
| 	blockLoop() |  | ||||||
|  |  | ||||||
| 	// Store updated state. |  | ||||||
| 	STP (v1, v2), 0(digest) |  | ||||||
| 	STP (v3, v4), 16(digest) |  | ||||||
|  |  | ||||||
| 	BIC  $31, n |  | ||||||
| 	MOVD n, ret+32(FP) |  | ||||||
| 	RET |  | ||||||
							
								
								
									
										15
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash_asm.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										15
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash_asm.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,15 +0,0 @@ | |||||||
| //go:build (amd64 || arm64) && !appengine && gc && !purego |  | ||||||
| // +build amd64 arm64 |  | ||||||
| // +build !appengine |  | ||||||
| // +build gc |  | ||||||
| // +build !purego |  | ||||||
|  |  | ||||||
| package xxhash |  | ||||||
|  |  | ||||||
| // Sum64 computes the 64-bit xxHash digest of b. |  | ||||||
| // |  | ||||||
| //go:noescape |  | ||||||
| func Sum64(b []byte) uint64 |  | ||||||
|  |  | ||||||
| //go:noescape |  | ||||||
| func writeBlocks(d *Digest, b []byte) int |  | ||||||
							
								
								
									
										76
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash_other.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										76
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash_other.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,76 +0,0 @@ | |||||||
| //go:build (!amd64 && !arm64) || appengine || !gc || purego |  | ||||||
| // +build !amd64,!arm64 appengine !gc purego |  | ||||||
|  |  | ||||||
| package xxhash |  | ||||||
|  |  | ||||||
| // Sum64 computes the 64-bit xxHash digest of b. |  | ||||||
| func Sum64(b []byte) uint64 { |  | ||||||
| 	// A simpler version would be |  | ||||||
| 	//   d := New() |  | ||||||
| 	//   d.Write(b) |  | ||||||
| 	//   return d.Sum64() |  | ||||||
| 	// but this is faster, particularly for small inputs. |  | ||||||
|  |  | ||||||
| 	n := len(b) |  | ||||||
| 	var h uint64 |  | ||||||
|  |  | ||||||
| 	if n >= 32 { |  | ||||||
| 		v1 := primes[0] + prime2 |  | ||||||
| 		v2 := prime2 |  | ||||||
| 		v3 := uint64(0) |  | ||||||
| 		v4 := -primes[0] |  | ||||||
| 		for len(b) >= 32 { |  | ||||||
| 			v1 = round(v1, u64(b[0:8:len(b)])) |  | ||||||
| 			v2 = round(v2, u64(b[8:16:len(b)])) |  | ||||||
| 			v3 = round(v3, u64(b[16:24:len(b)])) |  | ||||||
| 			v4 = round(v4, u64(b[24:32:len(b)])) |  | ||||||
| 			b = b[32:len(b):len(b)] |  | ||||||
| 		} |  | ||||||
| 		h = rol1(v1) + rol7(v2) + rol12(v3) + rol18(v4) |  | ||||||
| 		h = mergeRound(h, v1) |  | ||||||
| 		h = mergeRound(h, v2) |  | ||||||
| 		h = mergeRound(h, v3) |  | ||||||
| 		h = mergeRound(h, v4) |  | ||||||
| 	} else { |  | ||||||
| 		h = prime5 |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	h += uint64(n) |  | ||||||
|  |  | ||||||
| 	for ; len(b) >= 8; b = b[8:] { |  | ||||||
| 		k1 := round(0, u64(b[:8])) |  | ||||||
| 		h ^= k1 |  | ||||||
| 		h = rol27(h)*prime1 + prime4 |  | ||||||
| 	} |  | ||||||
| 	if len(b) >= 4 { |  | ||||||
| 		h ^= uint64(u32(b[:4])) * prime1 |  | ||||||
| 		h = rol23(h)*prime2 + prime3 |  | ||||||
| 		b = b[4:] |  | ||||||
| 	} |  | ||||||
| 	for ; len(b) > 0; b = b[1:] { |  | ||||||
| 		h ^= uint64(b[0]) * prime5 |  | ||||||
| 		h = rol11(h) * prime1 |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	h ^= h >> 33 |  | ||||||
| 	h *= prime2 |  | ||||||
| 	h ^= h >> 29 |  | ||||||
| 	h *= prime3 |  | ||||||
| 	h ^= h >> 32 |  | ||||||
|  |  | ||||||
| 	return h |  | ||||||
| } |  | ||||||
|  |  | ||||||
| func writeBlocks(d *Digest, b []byte) int { |  | ||||||
| 	v1, v2, v3, v4 := d.v1, d.v2, d.v3, d.v4 |  | ||||||
| 	n := len(b) |  | ||||||
| 	for len(b) >= 32 { |  | ||||||
| 		v1 = round(v1, u64(b[0:8:len(b)])) |  | ||||||
| 		v2 = round(v2, u64(b[8:16:len(b)])) |  | ||||||
| 		v3 = round(v3, u64(b[16:24:len(b)])) |  | ||||||
| 		v4 = round(v4, u64(b[24:32:len(b)])) |  | ||||||
| 		b = b[32:len(b):len(b)] |  | ||||||
| 	} |  | ||||||
| 	d.v1, d.v2, d.v3, d.v4 = v1, v2, v3, v4 |  | ||||||
| 	return n - len(b) |  | ||||||
| } |  | ||||||
							
								
								
									
										16
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash_safe.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										16
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash_safe.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,16 +0,0 @@ | |||||||
| //go:build appengine |  | ||||||
| // +build appengine |  | ||||||
|  |  | ||||||
| // This file contains the safe implementations of otherwise unsafe-using code. |  | ||||||
|  |  | ||||||
| package xxhash |  | ||||||
|  |  | ||||||
| // Sum64String computes the 64-bit xxHash digest of s. |  | ||||||
| func Sum64String(s string) uint64 { |  | ||||||
| 	return Sum64([]byte(s)) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // WriteString adds more data to d. It always returns len(s), nil. |  | ||||||
| func (d *Digest) WriteString(s string) (n int, err error) { |  | ||||||
| 	return d.Write([]byte(s)) |  | ||||||
| } |  | ||||||
							
								
								
									
										58
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										58
									
								
								vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,58 +0,0 @@ | |||||||
| //go:build !appengine |  | ||||||
| // +build !appengine |  | ||||||
|  |  | ||||||
| // This file encapsulates usage of unsafe. |  | ||||||
| // xxhash_safe.go contains the safe implementations. |  | ||||||
|  |  | ||||||
| package xxhash |  | ||||||
|  |  | ||||||
| import ( |  | ||||||
| 	"unsafe" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // In the future it's possible that compiler optimizations will make these |  | ||||||
| // XxxString functions unnecessary by realizing that calls such as |  | ||||||
| // Sum64([]byte(s)) don't need to copy s. See https://go.dev/issue/2205. |  | ||||||
| // If that happens, even if we keep these functions they can be replaced with |  | ||||||
| // the trivial safe code. |  | ||||||
|  |  | ||||||
| // NOTE: The usual way of doing an unsafe string-to-[]byte conversion is: |  | ||||||
| // |  | ||||||
| //   var b []byte |  | ||||||
| //   bh := (*reflect.SliceHeader)(unsafe.Pointer(&b)) |  | ||||||
| //   bh.Data = (*reflect.StringHeader)(unsafe.Pointer(&s)).Data |  | ||||||
| //   bh.Len = len(s) |  | ||||||
| //   bh.Cap = len(s) |  | ||||||
| // |  | ||||||
| // Unfortunately, as of Go 1.15.3 the inliner's cost model assigns a high enough |  | ||||||
| // weight to this sequence of expressions that any function that uses it will |  | ||||||
| // not be inlined. Instead, the functions below use a different unsafe |  | ||||||
| // conversion designed to minimize the inliner weight and allow both to be |  | ||||||
| // inlined. There is also a test (TestInlining) which verifies that these are |  | ||||||
| // inlined. |  | ||||||
| // |  | ||||||
| // See https://github.com/golang/go/issues/42739 for discussion. |  | ||||||
|  |  | ||||||
| // Sum64String computes the 64-bit xxHash digest of s. |  | ||||||
| // It may be faster than Sum64([]byte(s)) by avoiding a copy. |  | ||||||
| func Sum64String(s string) uint64 { |  | ||||||
| 	b := *(*[]byte)(unsafe.Pointer(&sliceHeader{s, len(s)})) |  | ||||||
| 	return Sum64(b) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // WriteString adds more data to d. It always returns len(s), nil. |  | ||||||
| // It may be faster than Write([]byte(s)) by avoiding a copy. |  | ||||||
| func (d *Digest) WriteString(s string) (n int, err error) { |  | ||||||
| 	d.Write(*(*[]byte)(unsafe.Pointer(&sliceHeader{s, len(s)}))) |  | ||||||
| 	// d.Write always returns len(s), nil. |  | ||||||
| 	// Ignoring the return output and returning these fixed values buys a |  | ||||||
| 	// savings of 6 in the inliner's cost model. |  | ||||||
| 	return len(s), nil |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // sliceHeader is similar to reflect.SliceHeader, but it assumes that the layout |  | ||||||
| // of the first two words is the same as the layout of a string. |  | ||||||
| type sliceHeader struct { |  | ||||||
| 	s   string |  | ||||||
| 	cap int |  | ||||||
| } |  | ||||||
							
								
								
									
										15
									
								
								vendor/github.com/davecgh/go-spew/LICENSE
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										15
									
								
								vendor/github.com/davecgh/go-spew/LICENSE
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,15 +0,0 @@ | |||||||
| ISC License |  | ||||||
|  |  | ||||||
| Copyright (c) 2012-2016 Dave Collins <dave@davec.name> |  | ||||||
|  |  | ||||||
| Permission to use, copy, modify, and/or distribute this software for any |  | ||||||
| purpose with or without fee is hereby granted, provided that the above |  | ||||||
| copyright notice and this permission notice appear in all copies. |  | ||||||
|  |  | ||||||
| THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |  | ||||||
| WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |  | ||||||
| MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |  | ||||||
| ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |  | ||||||
| WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |  | ||||||
| ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |  | ||||||
| OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |  | ||||||
							
								
								
									
										145
									
								
								vendor/github.com/davecgh/go-spew/spew/bypass.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										145
									
								
								vendor/github.com/davecgh/go-spew/spew/bypass.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,145 +0,0 @@ | |||||||
| // Copyright (c) 2015-2016 Dave Collins <dave@davec.name> |  | ||||||
| // |  | ||||||
| // Permission to use, copy, modify, and distribute this software for any |  | ||||||
| // purpose with or without fee is hereby granted, provided that the above |  | ||||||
| // copyright notice and this permission notice appear in all copies. |  | ||||||
| // |  | ||||||
| // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |  | ||||||
| // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |  | ||||||
| // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |  | ||||||
| // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |  | ||||||
| // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |  | ||||||
| // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |  | ||||||
| // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |  | ||||||
|  |  | ||||||
| // NOTE: Due to the following build constraints, this file will only be compiled |  | ||||||
| // when the code is not running on Google App Engine, compiled by GopherJS, and |  | ||||||
| // "-tags safe" is not added to the go build command line.  The "disableunsafe" |  | ||||||
| // tag is deprecated and thus should not be used. |  | ||||||
| // Go versions prior to 1.4 are disabled because they use a different layout |  | ||||||
| // for interfaces which make the implementation of unsafeReflectValue more complex. |  | ||||||
| // +build !js,!appengine,!safe,!disableunsafe,go1.4 |  | ||||||
|  |  | ||||||
| package spew |  | ||||||
|  |  | ||||||
| import ( |  | ||||||
| 	"reflect" |  | ||||||
| 	"unsafe" |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| const ( |  | ||||||
| 	// UnsafeDisabled is a build-time constant which specifies whether or |  | ||||||
| 	// not access to the unsafe package is available. |  | ||||||
| 	UnsafeDisabled = false |  | ||||||
|  |  | ||||||
| 	// ptrSize is the size of a pointer on the current arch. |  | ||||||
| 	ptrSize = unsafe.Sizeof((*byte)(nil)) |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| type flag uintptr |  | ||||||
|  |  | ||||||
| var ( |  | ||||||
| 	// flagRO indicates whether the value field of a reflect.Value |  | ||||||
| 	// is read-only. |  | ||||||
| 	flagRO flag |  | ||||||
|  |  | ||||||
| 	// flagAddr indicates whether the address of the reflect.Value's |  | ||||||
| 	// value may be taken. |  | ||||||
| 	flagAddr flag |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // flagKindMask holds the bits that make up the kind |  | ||||||
| // part of the flags field. In all the supported versions, |  | ||||||
| // it is in the lower 5 bits. |  | ||||||
| const flagKindMask = flag(0x1f) |  | ||||||
|  |  | ||||||
| // Different versions of Go have used different |  | ||||||
| // bit layouts for the flags type. This table |  | ||||||
| // records the known combinations. |  | ||||||
| var okFlags = []struct { |  | ||||||
| 	ro, addr flag |  | ||||||
| }{{ |  | ||||||
| 	// From Go 1.4 to 1.5 |  | ||||||
| 	ro:   1 << 5, |  | ||||||
| 	addr: 1 << 7, |  | ||||||
| }, { |  | ||||||
| 	// Up to Go tip. |  | ||||||
| 	ro:   1<<5 | 1<<6, |  | ||||||
| 	addr: 1 << 8, |  | ||||||
| }} |  | ||||||
|  |  | ||||||
| var flagValOffset = func() uintptr { |  | ||||||
| 	field, ok := reflect.TypeOf(reflect.Value{}).FieldByName("flag") |  | ||||||
| 	if !ok { |  | ||||||
| 		panic("reflect.Value has no flag field") |  | ||||||
| 	} |  | ||||||
| 	return field.Offset |  | ||||||
| }() |  | ||||||
|  |  | ||||||
| // flagField returns a pointer to the flag field of a reflect.Value. |  | ||||||
| func flagField(v *reflect.Value) *flag { |  | ||||||
| 	return (*flag)(unsafe.Pointer(uintptr(unsafe.Pointer(v)) + flagValOffset)) |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // unsafeReflectValue converts the passed reflect.Value into a one that bypasses |  | ||||||
| // the typical safety restrictions preventing access to unaddressable and |  | ||||||
| // unexported data.  It works by digging the raw pointer to the underlying |  | ||||||
| // value out of the protected value and generating a new unprotected (unsafe) |  | ||||||
| // reflect.Value to it. |  | ||||||
| // |  | ||||||
| // This allows us to check for implementations of the Stringer and error |  | ||||||
| // interfaces to be used for pretty printing ordinarily unaddressable and |  | ||||||
| // inaccessible values such as unexported struct fields. |  | ||||||
| func unsafeReflectValue(v reflect.Value) reflect.Value { |  | ||||||
| 	if !v.IsValid() || (v.CanInterface() && v.CanAddr()) { |  | ||||||
| 		return v |  | ||||||
| 	} |  | ||||||
| 	flagFieldPtr := flagField(&v) |  | ||||||
| 	*flagFieldPtr &^= flagRO |  | ||||||
| 	*flagFieldPtr |= flagAddr |  | ||||||
| 	return v |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // Sanity checks against future reflect package changes |  | ||||||
| // to the type or semantics of the Value.flag field. |  | ||||||
| func init() { |  | ||||||
| 	field, ok := reflect.TypeOf(reflect.Value{}).FieldByName("flag") |  | ||||||
| 	if !ok { |  | ||||||
| 		panic("reflect.Value has no flag field") |  | ||||||
| 	} |  | ||||||
| 	if field.Type.Kind() != reflect.TypeOf(flag(0)).Kind() { |  | ||||||
| 		panic("reflect.Value flag field has changed kind") |  | ||||||
| 	} |  | ||||||
| 	type t0 int |  | ||||||
| 	var t struct { |  | ||||||
| 		A t0 |  | ||||||
| 		// t0 will have flagEmbedRO set. |  | ||||||
| 		t0 |  | ||||||
| 		// a will have flagStickyRO set |  | ||||||
| 		a t0 |  | ||||||
| 	} |  | ||||||
| 	vA := reflect.ValueOf(t).FieldByName("A") |  | ||||||
| 	va := reflect.ValueOf(t).FieldByName("a") |  | ||||||
| 	vt0 := reflect.ValueOf(t).FieldByName("t0") |  | ||||||
|  |  | ||||||
| 	// Infer flagRO from the difference between the flags |  | ||||||
| 	// for the (otherwise identical) fields in t. |  | ||||||
| 	flagPublic := *flagField(&vA) |  | ||||||
| 	flagWithRO := *flagField(&va) | *flagField(&vt0) |  | ||||||
| 	flagRO = flagPublic ^ flagWithRO |  | ||||||
|  |  | ||||||
| 	// Infer flagAddr from the difference between a value |  | ||||||
| 	// taken from a pointer and not. |  | ||||||
| 	vPtrA := reflect.ValueOf(&t).Elem().FieldByName("A") |  | ||||||
| 	flagNoPtr := *flagField(&vA) |  | ||||||
| 	flagPtr := *flagField(&vPtrA) |  | ||||||
| 	flagAddr = flagNoPtr ^ flagPtr |  | ||||||
|  |  | ||||||
| 	// Check that the inferred flags tally with one of the known versions. |  | ||||||
| 	for _, f := range okFlags { |  | ||||||
| 		if flagRO == f.ro && flagAddr == f.addr { |  | ||||||
| 			return |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
| 	panic("reflect.Value read-only flag has changed semantics") |  | ||||||
| } |  | ||||||
							
								
								
									
										38
									
								
								vendor/github.com/davecgh/go-spew/spew/bypasssafe.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										38
									
								
								vendor/github.com/davecgh/go-spew/spew/bypasssafe.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @@ -1,38 +0,0 @@ | |||||||
| // Copyright (c) 2015-2016 Dave Collins <dave@davec.name> |  | ||||||
| // |  | ||||||
| // Permission to use, copy, modify, and distribute this software for any |  | ||||||
| // purpose with or without fee is hereby granted, provided that the above |  | ||||||
| // copyright notice and this permission notice appear in all copies. |  | ||||||
| // |  | ||||||
| // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |  | ||||||
| // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |  | ||||||
| // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |  | ||||||
| // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |  | ||||||
| // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |  | ||||||
| // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |  | ||||||
| // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |  | ||||||
|  |  | ||||||
| // NOTE: Due to the following build constraints, this file will only be compiled |  | ||||||
| // when the code is running on Google App Engine, compiled by GopherJS, or |  | ||||||
| // "-tags safe" is added to the go build command line.  The "disableunsafe" |  | ||||||
| // tag is deprecated and thus should not be used. |  | ||||||
| // +build js appengine safe disableunsafe !go1.4 |  | ||||||
|  |  | ||||||
| package spew |  | ||||||
|  |  | ||||||
| import "reflect" |  | ||||||
|  |  | ||||||
| const ( |  | ||||||
| 	// UnsafeDisabled is a build-time constant which specifies whether or |  | ||||||
| 	// not access to the unsafe package is available. |  | ||||||
| 	UnsafeDisabled = true |  | ||||||
| ) |  | ||||||
|  |  | ||||||
| // unsafeReflectValue typically converts the passed reflect.Value into a one |  | ||||||
| // that bypasses the typical safety restrictions preventing access to |  | ||||||
| // unaddressable and unexported data.  However, doing this relies on access to |  | ||||||
| // the unsafe package.  This is a stub version which simply returns the passed |  | ||||||
| // reflect.Value when the unsafe package is not available. |  | ||||||
| func unsafeReflectValue(v reflect.Value) reflect.Value { |  | ||||||
| 	return v |  | ||||||
| } |  | ||||||
Some files were not shown because too many files have changed in this diff Show More
		Reference in New Issue
	
	Block a user