Managing secrets (#38)

* fix: reconciling of the child secret resources updated/deleted manually
isindir · Nov 14, 2020 · 0059b69 · 0059b69
1 parent 121be30
commit 0059b69
Show file tree

Hide file tree

Showing 12 changed files with 75 additions and 48 deletions.
diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 SHELL := /bin/bash
 GO := GO15VENDOREXPERIMENT=1 GO111MODULE=on GOPROXY=https://proxy.golang.org go
-SOPS_SEC_OPERATOR_VERSION := 0.1.6
+SOPS_SEC_OPERATOR_VERSION := 0.1.7
 
 # https://github.com/kubernetes-sigs/controller-tools/releases
 CONTROLLER_TOOLS_VERSION := "v0.3.0"

diff --git a/chart/helm2/sops-secrets-operator/Chart.yaml b/chart/helm2/sops-secrets-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
-version: 0.5.0
-appVersion: 0.1.6
+version: 0.5.1
+appVersion: 0.1.7
 description: sops secrets operator
 name: sops-secrets-operator
 sources:

diff --git a/chart/helm2/sops-secrets-operator/README.md b/chart/helm2/sops-secrets-operator/README.md
@@ -83,7 +83,7 @@ The following table lists the configurable parameters of the Sops-secrets-operat
 | ------------------------ | ----------------------- | -------------- |
 | `replicaCount` | Deployment replica count  - should not be modified | `1` |
 | `image.repository` | Operator image | `"isindir/sops-secrets-operator"` |
-| `image.tag` | Operator image tag | `"0.1.5"` |
+| `image.tag` | Operator image tag | `"0.1.7"` |
 | `image.pullPolicy` | Operator image pull policy | `"Always"` |
 | `imagePullSecrets` | Secrets to pull image from private docker repository | `[]` |
 | `nameOverride` | Overrides auto-generated short resource name | `""` |
@@ -96,11 +96,11 @@ The following table lists the configurable parameters of the Sops-secrets-operat
 | `gcp.enabled` | Node labels for operator pod assignment | `false` |
 | `gcp.svcAccSecretCustomName` | Name of the secret to create - will override default secret name if specified | `""` |
 | `gcp.svcAccSecret` | If `gcp.enabled` is `true`, this value must be specified as gcp service account secret json payload | `""` |
-| `azure.enabled` | If `true` azure secret will used/created depending on other values set. | `false` |
-| `azure.tenantId`| Tenant ID of the Azure Service principal to use for Key access | `''` |
-| `azure.clientId`| Client (Application) ID of the Azure Service principal to use for Key access | `''` |
-| `azure.clientSecret`| Client Secret of the Azure Service principal to use for Key access | `''` |
-| `azure.existingSecretName`| If set the named secret will be used to find the Azure SP credentials. | `''` |
+| `azure.enabled` | If true azure keyvault will be used | `false` |
+| `azure.tenantId` | Tenantid of azure service principal to use | `""` |
+| `azure.clientId` | Clientid (application id) of azure service principal to use | `""` |
+| `azure.clientSecret` | Client secret of azure service principal | `""` |
+| `azure.existingSecretName` | Name of a pre-existing secret containing azure service principal credentials (clientid, clientsecret, tenantid) | `""` |
 | `secretsAsEnvVars` | Configure custom secrets to be used as environment variables at runtime, see values.yaml | `[]` |
 | `secretsAsFiles` | Configure custom secrets to be mounted at runtime, see values.yaml | `[]` |
 | `resources` | Operator container resources | `{}` |

diff --git a/chart/helm2/sops-secrets-operator/values.yaml b/chart/helm2/sops-secrets-operator/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1  # Deployment replica count  - should not be modified
 
 image:
   repository: isindir/sops-secrets-operator  # Operator image
-  tag: 0.1.6  # Operator image tag
+  tag: 0.1.7  # Operator image tag
   pullPolicy: Always  # Operator image pull policy
 
 imagePullSecrets: []  # Secrets to pull image from private docker repository

diff --git a/chart/helm3/sops-secrets-operator/Chart.yaml b/chart/helm3/sops-secrets-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-version: 0.6.0
-appVersion: 0.1.6
+version: 0.6.1
+appVersion: 0.1.7
 type: application
 description: sops secrets operator
 name: sops-secrets-operator

diff --git a/chart/helm3/sops-secrets-operator/README.md b/chart/helm3/sops-secrets-operator/README.md
@@ -83,7 +83,7 @@ The following table lists the configurable parameters of the Sops-secrets-operat
 | ------------------------ | ----------------------- | -------------- |
 | `replicaCount` | Deployment replica count  - should not be modified | `1` |
 | `image.repository` | Operator image | `"isindir/sops-secrets-operator"` |
-| `image.tag` | Operator image tag | `"0.1.5"` |
+| `image.tag` | Operator image tag | `"0.1.7"` |
 | `image.pullPolicy` | Operator image pull policy | `"Always"` |
 | `imagePullSecrets` | Secrets to pull image from private docker repository | `[]` |
 | `nameOverride` | Overrides auto-generated short resource name | `""` |
@@ -96,11 +96,11 @@ The following table lists the configurable parameters of the Sops-secrets-operat
 | `gcp.enabled` | Node labels for operator pod assignment | `false` |
 | `gcp.svcAccSecretCustomName` | Name of the secret to create - will override default secret name if specified | `""` |
 | `gcp.svcAccSecret` | If `gcp.enabled` is `true`, this value must be specified as gcp service account secret json payload | `""` |
-| `azure.enabled` | If `true` azure secret will used/created depending on other values set. | `false` |
-| `azure.tenantId`| Tenant ID of the Azure Service principal to use for Key access | `''` |
-| `azure.clientId`| Client (Application) ID of the Azure Service principal to use for Key access | `''` |
-| `azure.clientSecret`| Client Secret of the Azure Service principal to use for Key access | `''` |
-| `azure.existingSecretName`| If set the named secret will be used to find the Azure SP credentials. | `''` |
+| `azure.enabled` | If true azure keyvault will be used | `false` |
+| `azure.tenantId` | Tenantid of azure service principal to use | `""` |
+| `azure.clientId` | Clientid (application id) of azure service principal to use | `""` |
+| `azure.clientSecret` | Client secret of azure service principal | `""` |
+| `azure.existingSecretName` | Name of a pre-existing secret containing azure service principal credentials (clientid, clientsecret, tenantid) | `""` |
 | `secretsAsEnvVars` | Configure custom secrets to be used as environment variables at runtime, see values.yaml | `[]` |
 | `secretsAsFiles` | Configure custom secrets to be mounted at runtime, see values.yaml | `[]` |
 | `resources` | Operator container resources | `{}` |

diff --git a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml
@@ -30,8 +30,8 @@ tests:
             app.kubernetes.io/instance: sops
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: sops-secrets-operator
-            app.kubernetes.io/version: 0.1.6
-            helm.sh/chart: sops-secrets-operator-0.6.0
+            app.kubernetes.io/version: 0.1.7
+            helm.sh/chart: sops-secrets-operator-0.6.1
 
   # template metadata and spec selector
   - it: should correctly render template metadata and spec selector
@@ -140,7 +140,7 @@ tests:
     asserts:
       - equal:
           path: spec.template.spec.containers[0].image
-          value: isindir/sops-secrets-operator:0.1.6
+          value: isindir/sops-secrets-operator:0.1.7
       - equal:
           path: spec.template.spec.containers[0].imagePullPolicy
           value: Always

diff --git a/chart/helm3/sops-secrets-operator/values.yaml b/chart/helm3/sops-secrets-operator/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1  # Deployment replica count  - should not be modified
 
 image:
   repository: isindir/sops-secrets-operator  # Operator image
-  tag: 0.1.6  # Operator image tag
+  tag: 0.1.7  # Operator image tag
   pullPolicy: Always  # Operator image pull policy
 
 imagePullSecrets: []  # Secrets to pull image from private docker repository

diff --git a/controllers/sopssecret_controller.go b/controllers/sopssecret_controller.go
@@ -87,9 +87,6 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error)
 		return reconcile.Result{}, err
 	}
 
-	// totalSecrets := len(instance.Spec.SecretsTemplate)
-	// reconciledSecrets := instanceEncrypted.Status.SecretsReconciled
-
 	// iterating over secret templates
 	r.Log.Info("Entering template data loop", "sopssecret", req.NamespacedName)
 	for _, secretTemplateValue := range instance.Spec.SecretsTemplate {
@@ -199,6 +196,7 @@ func (r *SopsSecretReconciler) SetupWithManager(mgr ctrl.Manager) error {
 
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&isindirv1alpha2.SopsSecret{}).
+		Owns(&corev1.Secret{}).
 		Complete(r)
 }
 
@@ -286,7 +284,7 @@ func getSecretType(paramType string) corev1.SecretType {
 	return kubeSecretType
 }
 
-// decryptSopsSecretInstance decrypts data_template
+// decryptSopsSecretInstance decrypts spec.secretTemplates
 func decryptSopsSecretInstance(
 	instanceEncrypted *isindirv1alpha2.SopsSecret,
 	reqLogger logr.Logger,

diff --git a/docs/index.yaml b/docs/index.yaml
@@ -1,9 +1,24 @@
 apiVersion: v1
 entries:
   sops-secrets-operator:
+  - apiVersion: v2
+    appVersion: 0.1.7
+    created: "2020-11-14T12:01:26.207716Z"
+    description: sops secrets operator
+    digest: f2a606c3837843241bb9d59adc02c38e1cca98753c602b9f758cc61d735ca7cd
+    maintainers:
+    - email: [email protected]
+      name: isindir
+    name: sops-secrets-operator
+    sources:
+    - https://github.com/isindir/sops-secrets-operator.git
+    type: application
+    urls:
+    - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.6.1.tgz
+    version: 0.6.1
   - apiVersion: v2
     appVersion: 0.1.6
-    created: "2020-11-08T11:26:09.88463Z"
+    created: "2020-11-14T12:01:26.206844Z"
     description: sops secrets operator
     digest: a2bbf9b39ec5f5b82965037f8f245fb3122adbe31b1c7d336fa1f4cddb228b88
     maintainers:
@@ -16,9 +31,23 @@ entries:
     urls:
     - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.6.0.tgz
     version: 0.6.0
+  - apiVersion: v1
+    appVersion: 0.1.7
+    created: "2020-11-14T12:01:26.20573Z"
+    description: sops secrets operator
+    digest: b54b5d8497564ddc04bd6d8b105eb0a3559e82ae1f6aab2f59ed3e426f119287
+    maintainers:
+    - email: [email protected]
+      name: isindir
+    name: sops-secrets-operator
+    sources:
+    - https://github.com/isindir/sops-secrets-operator.git
+    urls:
+    - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.5.1.tgz
+    version: 0.5.1
   - apiVersion: v1
     appVersion: 0.1.6
-    created: "2020-11-08T11:26:09.883758Z"
+    created: "2020-11-14T12:01:26.205036Z"
     description: sops secrets operator
     digest: 177f1ed214d6e72eda589a6ab155a417c1a4229bfda11e87f24af125a3542ad1
     maintainers:
@@ -32,7 +61,7 @@ entries:
     version: 0.5.0
   - apiVersion: v2
     appVersion: 0.1.5
-    created: "2020-11-08T11:26:09.882992Z"
+    created: "2020-11-14T12:01:26.203955Z"
     description: sops secrets operator
     digest: 1535e130357afa883db0b3d30735c817d3b7d412fe5bdfd71534d0c08defa7d1
     maintainers:
@@ -47,7 +76,7 @@ entries:
     version: 0.4.8
   - apiVersion: v2
     appVersion: 0.1.5
-    created: "2020-11-08T11:26:09.881392Z"
+    created: "2020-11-14T12:01:26.202843Z"
     description: sops secrets operator
     digest: 19b11dc2d1945f3c436a7d03763b4391d4a382fc13ea515d25422827d859d6d0
     maintainers:
@@ -62,7 +91,7 @@ entries:
     version: 0.4.7
   - apiVersion: v2
     appVersion: 0.1.5
-    created: "2020-11-08T11:26:09.880387Z"
+    created: "2020-11-14T12:01:26.201815Z"
     description: sops secrets operator
     digest: c839e5d3374b948d27ad49643411f4891fdec44d179dea06423bb0d6e29d5e32
     maintainers:
@@ -77,7 +106,7 @@ entries:
     version: 0.4.6
   - apiVersion: v2
     appVersion: 0.1.4
-    created: "2020-11-08T11:26:09.879162Z"
+    created: "2020-11-14T12:01:26.200254Z"
     description: sops secrets operator
     digest: c71f9f66be32f8b9d3c8d780b09b2455a40fd9755314004efd2bb8d379dafe3c
     maintainers:
@@ -92,7 +121,7 @@ entries:
     version: 0.4.5
   - apiVersion: v2
     appVersion: 0.1.3
-    created: "2020-11-08T11:26:09.878056Z"
+    created: "2020-11-14T12:01:26.199442Z"
     description: sops secrets operator
     digest: f3f2f89d4ef6018776df0a12a63dd2f9c9519b9d1ac03a9a405e31d0fd902ba0
     maintainers:
@@ -107,7 +136,7 @@ entries:
     version: 0.4.4
   - apiVersion: v2
     appVersion: 0.1.2
-    created: "2020-11-08T11:26:09.877231Z"
+    created: "2020-11-14T12:01:26.198498Z"
     description: sops secrets operator
     digest: 1fd5eed318627f5ed0656f4e8ce4a25729568a1626ae313bcbe21050f5f26240
     maintainers:
@@ -122,7 +151,7 @@ entries:
     version: 0.4.3
   - apiVersion: v2
     appVersion: 0.1.2
-    created: "2020-11-08T11:26:09.876415Z"
+    created: "2020-11-14T12:01:26.197557Z"
     description: sops secrets operator
     digest: 1f4f9869c75f0922e83ba5d530e101bd4252d5c1c31365800cc9d1425680cf18
     maintainers:
@@ -137,7 +166,7 @@ entries:
     version: 0.4.2
   - apiVersion: v2
     appVersion: 0.1.1
-    created: "2020-11-08T11:26:09.875213Z"
+    created: "2020-11-14T12:01:26.196731Z"
     description: sops secrets operator
     digest: 6b054a4e9f261eea3cb84ee2e70b87b24780f1703e2c218ea5f69b7f82d1876f
     maintainers:
@@ -152,7 +181,7 @@ entries:
     version: 0.4.1
   - apiVersion: v2
     appVersion: 0.1.0
-    created: "2020-11-08T11:26:09.874428Z"
+    created: "2020-11-14T12:01:26.195036Z"
     description: sops secrets operator
     digest: 78b62ab37eac1b45f0a68a9752a3615c5d3f1c960bb4057e665923ce104931cf
     maintainers:
@@ -167,7 +196,7 @@ entries:
     version: 0.4.0
   - apiVersion: v1
     appVersion: 0.1.5
-    created: "2020-11-08T11:26:09.873663Z"
+    created: "2020-11-14T12:01:26.194196Z"
     description: sops secrets operator
     digest: 41baa3c580cb9d8951c18513a4f04c4dbbfad99de9c62f53de2450c0c7b76725
     maintainers:
@@ -181,7 +210,7 @@ entries:
     version: 0.3.7
   - apiVersion: v1
     appVersion: 0.1.5
-    created: "2020-11-08T11:26:09.872322Z"
+    created: "2020-11-14T12:01:26.193051Z"
     description: sops secrets operator
     digest: 1103b1f7bf7af3f400c172227cd5a3659f3a03e5e8158b19ba0b25f7ed45208b
     maintainers:
@@ -195,7 +224,7 @@ entries:
     version: 0.3.6
   - apiVersion: v1
     appVersion: 0.1.5
-    created: "2020-11-08T11:26:09.871465Z"
+    created: "2020-11-14T12:01:26.192216Z"
     description: sops secrets operator
     digest: 15c72ba7fb09d0e980ec32fd94f56893c439c05c435281a9ab9c8bc94bd20063
     maintainers:
@@ -209,7 +238,7 @@ entries:
     version: 0.3.5
   - apiVersion: v1
     appVersion: 0.1.4
-    created: "2020-11-08T11:26:09.870604Z"
+    created: "2020-11-14T12:01:26.191341Z"
     description: sops secrets operator
     digest: 025a6a6381b75286756ef55105ace6e911e5a5818b495ede6356cc8ec572aeac
     maintainers:
@@ -223,7 +252,7 @@ entries:
     version: 0.3.4
   - apiVersion: v1
     appVersion: 0.1.3
-    created: "2020-11-08T11:26:09.868366Z"
+    created: "2020-11-14T12:01:26.188731Z"
     description: sops secrets operator
     digest: f61b070b640169439cf4ab500047c1e356748a85871f7aeefde46d63d87d453a
     maintainers:
@@ -237,7 +266,7 @@ entries:
     version: 0.3.3
   - apiVersion: v1
     appVersion: 0.1.2
-    created: "2020-11-08T11:26:09.866878Z"
+    created: "2020-11-14T12:01:26.187297Z"
     description: sops secrets operator
     digest: 2b37dc4e545e8a9540f6b7693079b98bf161ec5a68899defcfc9420bdcbb33e3
     maintainers:
@@ -251,7 +280,7 @@ entries:
     version: 0.3.2
   - apiVersion: v1
     appVersion: 0.1.1
-    created: "2020-11-08T11:26:09.864728Z"
+    created: "2020-11-14T12:01:26.185764Z"
     description: sops secrets operator
     digest: 2e2762b8f9d66aab0caacde225955fec8bfd5a4cc10dc6943a1de3809dda4091
     maintainers:
@@ -265,7 +294,7 @@ entries:
     version: 0.3.1
   - apiVersion: v1
     appVersion: 0.1.0
-    created: "2020-11-08T11:26:09.863104Z"
+    created: "2020-11-14T12:01:26.184424Z"
     description: sops secrets operator
     digest: ce84f5b64402a582c7689cb842ba03fb10f968c38b57dc9e05f588493128019a
     maintainers:
@@ -279,7 +308,7 @@ entries:
     version: 0.3.0
   - apiVersion: v2
     appVersion: 0.0.10
-    created: "2020-11-08T11:26:09.861444Z"
+    created: "2020-11-14T12:01:26.182914Z"
     description: sops secrets operator
     digest: 5e4c8bc37ea2c819c55b288c0a5e76ff8c9c02be591bd53776606666af45581c
     maintainers:
@@ -294,7 +323,7 @@ entries:
     version: 0.2.1
   - apiVersion: v1
     appVersion: 0.0.10
-    created: "2020-11-08T11:26:09.860353Z"
+    created: "2020-11-14T12:01:26.181727Z"
     description: sops secrets operator
     digest: 50b8ebab19008dfc43de1eaee8b0f6287f7a55134585dc6ae88df2520d779f8f
     maintainers:
@@ -306,4 +335,4 @@ entries:
     urls:
     - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.1.10.tgz
     version: 0.1.10
-generated: "2020-11-08T11:26:09.8588Z"
+generated: "2020-11-14T12:01:26.179109Z"
diff --git a/docs/sops-secrets-operator-0.5.1.tgz b/docs/sops-secrets-operator-0.5.1.tgz
diff --git a/docs/sops-secrets-operator-0.6.1.tgz b/docs/sops-secrets-operator-0.6.1.tgz