feat: improve error message; upgrade controller-gen to 0.3.0; add sup…

…port of HashiCorp Vault to the operator (#37) * fix: improve error message * upgrade controller-gen to 0.3.0 * feat: add support of HashiCorp Vault to the operator * package helm charts
isindir · Nov 8, 2020 · 121be30 · 121be30
1 parent b0ec776
commit 121be30
Show file tree

Hide file tree

Showing 14 changed files with 121 additions and 34 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -203,6 +203,7 @@ jobs:
 
             # Dump cluster info
             kubectl cluster-info
+            which kubectl
             kubectl version
             kubectl describe node k3d-operator-server-0
             kubectl describe node k3d-operator-agent-0

diff --git a/Makefile b/Makefile
@@ -1,9 +1,9 @@
 SHELL := /bin/bash
 GO := GO15VENDOREXPERIMENT=1 GO111MODULE=on GOPROXY=https://proxy.golang.org go
-SOPS_SEC_OPERATOR_VERSION := 0.1.5
+SOPS_SEC_OPERATOR_VERSION := 0.1.6
 
 # https://github.com/kubernetes-sigs/controller-tools/releases
-CONTROLLER_TOOLS_VERSION := "v0.2.5"
+CONTROLLER_TOOLS_VERSION := "v0.3.0"
 
 # Use existing cluster instead of starting processes
 USE_EXISTING_CLUSTER ?= true
@@ -22,6 +22,11 @@ endif
 
 all: manager
 
+## clean: cleans dependency directories
+clean:
+	rm -fr $$( which controller-gen )
+	rm -fr ./vendor
+
 ## package-helm: repackage helm charts
 package-helm:
 	@{ \
@@ -43,7 +48,7 @@ test: generate fmt vet manifests
 	USE_EXISTING_CLUSTER=${USE_EXISTING_CLUSTER} go test ./... -coverprofile cover.out
 
 ## manager: Build manager binary
-manager: generate fmt vet
+manager: generate fmt vet manifests
 	go build -o bin/manager main.go
 
 ## run: Run against the configured Kubernetes cluster in ~/.kube/config

diff --git a/api/v1alpha2/sopssecret_types.go b/api/v1alpha2/sopssecret_types.go
@@ -78,6 +78,18 @@ type AzureKmsItem struct {
 	CreationDate string `json:"created_at,omitempty"`
 }
 
+// HcVaultItem defines Hashicorp Vault Key specific encryption details
+type HcVaultItem struct {
+	// +optional
+	VaultAddress string `json:"vault_address,omitempty"`
+	// +optional
+	EnginePath string `json:"engine_path,omitempty"`
+	// +optional
+	KeyName string `json:"key_name,omitempty"`
+	// +optional
+	CreationDate string `json:"created_at,omitempty"`
+}
+
 // GcpKmsDataItem defines GCP KMS Key specific encryption details
 type GcpKmsDataItem struct {
 	// +optional
@@ -102,6 +114,10 @@ type SopsMetadata struct {
 	// +optional
 	AzureKms []AzureKmsItem `json:"azure_kv,omitempty"`
 
+	// HashicorpKms configurarion
+	// +optional
+	HcVault []HcVaultItem `json:"hc_vault,omitempty"`
+
 	// GcpKms configuration
 	// +optional
 	GcpKms []GcpKmsDataItem `json:"gcp_kms,omitempty"`

diff --git a/api/v1alpha2/zz_generated.deepcopy.go b/api/v1alpha2/zz_generated.deepcopy.go
diff --git a/chart/helm2/sops-secrets-operator/Chart.yaml b/chart/helm2/sops-secrets-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
-version: 0.3.7
-appVersion: 0.1.5
+version: 0.5.0
+appVersion: 0.1.6
 description: sops secrets operator
 name: sops-secrets-operator
 sources:

diff --git a/chart/helm2/sops-secrets-operator/values.yaml b/chart/helm2/sops-secrets-operator/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1  # Deployment replica count  - should not be modified
 
 image:
   repository: isindir/sops-secrets-operator  # Operator image
-  tag: 0.1.5  # Operator image tag
+  tag: 0.1.6  # Operator image tag
   pullPolicy: Always  # Operator image pull policy
 
 imagePullSecrets: []  # Secrets to pull image from private docker repository

diff --git a/chart/helm3/sops-secrets-operator/Chart.yaml b/chart/helm3/sops-secrets-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-version: 0.4.8
-appVersion: 0.1.5
+version: 0.6.0
+appVersion: 0.1.6
 type: application
 description: sops secrets operator
 name: sops-secrets-operator

diff --git a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml
@@ -30,8 +30,8 @@ tests:
             app.kubernetes.io/instance: sops
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: sops-secrets-operator
-            app.kubernetes.io/version: 0.1.5
-            helm.sh/chart: sops-secrets-operator-0.4.8
+            app.kubernetes.io/version: 0.1.6
+            helm.sh/chart: sops-secrets-operator-0.6.0
 
   # template metadata and spec selector
   - it: should correctly render template metadata and spec selector
@@ -140,7 +140,7 @@ tests:
     asserts:
       - equal:
           path: spec.template.spec.containers[0].image
-          value: isindir/sops-secrets-operator:0.1.5
+          value: isindir/sops-secrets-operator:0.1.6
       - equal:
           path: spec.template.spec.containers[0].imagePullPolicy
           value: Always

diff --git a/chart/helm3/sops-secrets-operator/values.yaml b/chart/helm3/sops-secrets-operator/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1  # Deployment replica count  - should not be modified
 
 image:
   repository: isindir/sops-secrets-operator  # Operator image
-  tag: 0.1.5  # Operator image tag
+  tag: 0.1.6  # Operator image tag
   pullPolicy: Always  # Operator image pull policy
 
 imagePullSecrets: []  # Secrets to pull image from private docker repository

diff --git a/config/crd/bases/isindir.github.com_sopssecrets.yaml b/config/crd/bases/isindir.github.com_sopssecrets.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.2.5
+    controller-gen.kubebuilder.io/version: v0.3.0
   creationTimestamp: null
   name: sopssecrets.isindir.github.com
 spec:
@@ -77,6 +77,22 @@ spec:
                     type: string
                 type: object
               type: array
+            hc_vault:
+              description: HashicorpKms configurarion
+              items:
+                description: HcVaultItem defines Hashicorp Vault Key specific encryption
+                  details
+                properties:
+                  created_at:
+                    type: string
+                  engine_path:
+                    type: string
+                  key_name:
+                    type: string
+                  vault_address:
+                    type: string
+                type: object
+              type: array
             kms:
               description: AwsKms configuration
               items:

diff --git a/controllers/sopssecret_controller.go b/controllers/sopssecret_controller.go
@@ -147,7 +147,7 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error)
 			r.Status().Update(context.Background(), instanceEncrypted)
 
 			return reconcile.Result{}, fmt.Errorf(
-				"secret/%s in %s isn't currently owned by sops-secrets-operator",
+				"secret/%s in %s has a conflict with reconciling request sops secret, potential reasons: target k8s secret already existed or managed secret duplicated in multiple sops secrets",
 				foundSecret.Name,
 				foundSecret.Namespace,
 			)