feat: parse secret text as multiple secrets

Marcus Noble 2021-05-12 12:46:08 +01:00
parent 9a02a817b9
commit 2ed79284e3
2 changed files with 25 additions and 11 deletions


@ -39,11 +39,12 @@ kind: Secret
metadata: metadata:
name: example-secret name: example-secret
annotations: annotations:
kube-1password: 123456example7890 # [Required] This is the ID of the item within 1Password kube-1password: 123456example7890 # [Required] This is the ID of the item within 1Password
kube-1password/vault: Kubernetes # The name of the Vault kube-1password/vault: Kubernetes # The name of the Vault
kube-1password/username-key: "user" # The key the username should be saved as in the Secret resource (default: `username`) kube-1password/username-key: "user" # The key the username should be saved as in the Secret resource (default: `username`)
kube-1password/password-key: "pass" # The key the password should be saved as in the Secret resource (default: `password`) kube-1password/password-key: "pass" # The key the password should be saved as in the Secret resource (default: `password`)
kube-1password/secret-text-key: "note" # The key the secret text should be saved as in the Secret resource (default: `secretText`) kube-1password/secret-text-key: "note" # The key the secret text should be saved as in the Secret resource (default: `secretText`)
kube-1password/secret-text-parse: "true" # Parse the secret texts as individual secret values in format `key=value` (default: ``)
type: Opaque type: Opaque
``` ```

25
main.go

@ -6,6 +6,7 @@ import (
"log" "log"
"os" "os"
"os/user" "os/user"
"strings"
"time" "time"
"git.cloud.cluster.fun/AverageMarcus/kube-1password-secrets/internal/onepassword" "git.cloud.cluster.fun/AverageMarcus/kube-1password-secrets/internal/onepassword"
@ -16,11 +17,12 @@ import (
) )
const ( const (
idAnnotation = "kube-1password" idAnnotation = "kube-1password"
vaultAnnotation = "kube-1password/vault" vaultAnnotation = "kube-1password/vault"
usernameAnnotation = "kube-1password/username-key" usernameAnnotation = "kube-1password/username-key"
passwordAnnotation = "kube-1password/password-key" passwordAnnotation = "kube-1password/password-key"
secretTextAnnotation = "kube-1password/secret-text-key" secretTextAnnotation = "kube-1password/secret-text-key"
secretTextParseAnnotation = "kube-1password/secret-text-parse"
) )
func main() { func main() {
@ -68,7 +70,18 @@ func main() {
} }
if item.SecretText != "" { if item.SecretText != "" {
s.Data[keys["secretText"]] = []byte(item.SecretText) if s.ObjectMeta.Annotations[secretTextParseAnnotation] != "" {
// Parse secret text as individual secrets
lines := strings.Split(item.SecretText, "\n")
for _, line := range lines {
parts := strings.Split(line, "=")
if len(parts) == 2 {
s.Data[parts[0]] = []byte(parts[1])
}
}
} else {
s.Data[keys["secretText"]] = []byte(item.SecretText)
}
} }
if _, err := clientset.CoreV1().Secrets(s.GetNamespace()).Update(context.Background(), &s, metav1.UpdateOptions{}); err != nil { if _, err := clientset.CoreV1().Secrets(s.GetNamespace()).Update(context.Background(), &s, metav1.UpdateOptions{}); err != nil {
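Review bot: In the parse branch of the last hunk, `strings.Split(line, "=")` combined with `len(parts) == 2` silently drops every line whose value itself contains `=` (base64 padding, connection strings), so an entry can go missing from the Secret without any error; `parts := strings.SplitN(strings.TrimSuffix(line, "\r"), "=", 2)` keeps the full value and also tolerates CRLF line endings in the note. The parsed key is written straight into `s.Data`, so a line in the 1Password note can overwrite entries written earlier (presumably the username and password keys), and an empty key from a line starting with `=` will likely make the whole `Update` fail validation; a guard such as `if len(parts) == 2 && parts[0] != "" {` plus an explicit decision on whether parsed keys may shadow the fixed ones would cover that. The annotation test `!= ""` also enables parsing for the value `"false"`, which does not match the README's `"true"` example; comparing with `== "true"` would. If skipped lines are ever logged, log the line index only and never the line content. `main` starts and ends outside these hunks.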