fix: Improve logging and update pipeline tools and gpg readme documen…

…t; bump patch version (#19) * Set sops log level to Info * fix: improve logging * update charts and docker image version * update tools in pipeline * fix readme Co-authored-by: lmolas <[email protected]>
isindir · Sep 1, 2020 · f4c8380 · f4c8380
1 parent d88951b
commit f4c8380
Show file tree

Hide file tree

Showing 13 changed files with 123 additions and 40 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -13,7 +13,7 @@ jobs:
       # https://github.com/kubernetes-sigs/kubebuilder/releases
       KUBEBUILDER_VERSION: 2.3.1
       # https://github.com/kubernetes-sigs/kustomize/releases
-      KUSTOMIZE_VERSION: v3.8.1
+      KUSTOMIZE_VERSION: v3.8.2
       # https://github.com/github/hub/releases
       HUB_VERSION: 2.14.2
       # https://github.com/git-chglog/git-chglog/releases
@@ -82,19 +82,17 @@ jobs:
     environment:
       # https://github.com/kubernetes/kubernetes/releases
       K8S_VERSION: v1.18.2
-      # https://github.com/kubernetes-sigs/kind/releases
-      KIND_VERSION: v0.8.1
       # https://github.com/rancher/k3d/releases
-      K3D_VERSION: v3.0.0
+      K3D_VERSION: v3.0.1
       # https://github.com/helm/helm/releases
-      HELM_VERSION: v3.2.4
+      HELM_VERSION: v3.3.1
       GOLANG_VERSION: 1.14.4
       # https://github.com/kubernetes-sigs/kubebuilder/releases
       KUBEBUILDER_VERSION: 2.3.1
       # https://github.com/mozilla/sops/releases
       SOPS_VERSION: v3.6.0
       # https://github.com/kubernetes-sigs/kustomize/releases
-      KUSTOMIZE_VERSION: v3.8.1
+      KUSTOMIZE_VERSION: v3.8.2
 
       KUBECONFIG: /home/circleci/.kube/config
 

diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 SHELL := /bin/bash
 GO := GO15VENDOREXPERIMENT=1 GO111MODULE=on GOPROXY=https://proxy.golang.org go
-SOPS_SEC_OPERATOR_VERSION := 0.1.0
+SOPS_SEC_OPERATOR_VERSION := 0.1.1
 
 # https://github.com/kubernetes-sigs/controller-tools/releases
 CONTROLLER_TOOLS_VERSION := "v0.2.5"

diff --git a/chart/helm2/sops-secrets-operator/Chart.yaml b/chart/helm2/sops-secrets-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
-version: 0.3.0
-appVersion: 0.1.0
+version: 0.3.1
+appVersion: 0.1.1
 description: sops secrets operator
 name: sops-secrets-operator
 sources:

diff --git a/chart/helm2/sops-secrets-operator/values.yaml b/chart/helm2/sops-secrets-operator/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1  # Deployment replica count  - should not be modified
 
 image:
   repository: isindir/sops-secrets-operator  # Operator image
-  tag: 0.1.0  # Operator image tag
+  tag: 0.1.1  # Operator image tag
   pullPolicy: Always  # Operator image pull policy
 
 imagePullSecrets: []  # Secrets to pull image from private docker repository

diff --git a/chart/helm3/sops-secrets-operator/Chart.yaml b/chart/helm3/sops-secrets-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-version: 0.4.0
-appVersion: 0.1.0
+version: 0.4.1
+appVersion: 0.1.1
 type: application
 description: sops secrets operator
 name: sops-secrets-operator

diff --git a/chart/helm3/sops-secrets-operator/values.yaml b/chart/helm3/sops-secrets-operator/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1  # Deployment replica count  - should not be modified
 
 image:
   repository: isindir/sops-secrets-operator  # Operator image
-  tag: 0.1.0  # Operator image tag
+  tag: 0.1.1  # Operator image tag
   pullPolicy: Always  # Operator image pull policy
 
 imagePullSecrets: []  # Secrets to pull image from private docker repository

diff --git a/controllers/sopssecret_controller.go b/controllers/sopssecret_controller.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 
 	"github.com/go-logr/logr"
+	"github.com/sirupsen/logrus"
 	corev1 "k8s.io/api/core/v1"
 	apiequality "k8s.io/apimachinery/pkg/api/equality"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -21,6 +22,7 @@ import (
 
 	"go.mozilla.org/sops/v3"
 	sopsaes "go.mozilla.org/sops/v3/aes"
+	sopslogging "go.mozilla.org/sops/v3/logging"
 	sopsdotenv "go.mozilla.org/sops/v3/stores/dotenv"
 	sopsjson "go.mozilla.org/sops/v3/stores/json"
 	sopsyaml "go.mozilla.org/sops/v3/stores/yaml"
@@ -42,8 +44,7 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error)
 	_ = context.Background()
 	_ = r.Log.WithValues("sopssecret", req.NamespacedName)
 
-	// my logic here
-	r.Log.Info("Reconciling SopsSecret")
+	r.Log.Info("Reconciling", "sopssecret", req.NamespacedName)
 
 	instanceEncrypted := &isindirv1alpha2.SopsSecret{}
 	err := r.Get(context.TODO(), req.NamespacedName, instanceEncrypted)
@@ -52,23 +53,37 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error)
 			// Request object not found, could have been deleted after reconcile request.
 			// Owned objects are automatically garbage collected. For additional cleanup logic use finalizers.
 			// Return and don't requeue
-			r.Log.Info("Request object not found, could have been deleted after reconcile request.")
+			r.Log.Info(
+				"Request object not found, could have been deleted after reconcile request",
+				"sopssecret",
+				req.NamespacedName,
+			)
 			return reconcile.Result{}, nil
 		}
 		// Error reading the object - requeue the request.
-		r.Log.Info("Error reading the object - requeue the request.")
+		r.Log.Info(
+			"Error reading the object - requeue the request",
+			"sopssecret",
+			req.NamespacedName,
+		)
 		return reconcile.Result{}, err
 	}
 
 	instance, err := decryptSopsSecretInstance(instanceEncrypted, r.Log)
 	if err != nil {
-		r.Log.Info("Decryption error.")
+		r.Log.Info(
+			"Decryption error",
+			"sopssecret",
+			req.NamespacedName,
+			"error",
+			err,
+		)
 		return reconcile.Result{}, err
 	}
 
 	// Garbage collection logic - using the fact that owned objects automatically get cleaned up by k8s
 
-	r.Log.Info("Enetring template data loop.")
+	r.Log.Info("Enetring template data loop", "sopssecret", req.NamespacedName)
 	for _, secretTemplateValue := range instance.Spec.SecretsTemplate {
 		// Define a new secret object
 		newSecret, err := newSecretForCR(instance, &secretTemplateValue, r.Log)
@@ -96,7 +111,13 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error)
 			foundSecret,
 		)
 		if errors.IsNotFound(err) {
-			r.Log.Info("Creating a new Secret")
+			r.Log.Info(
+				"Creating a new Secret",
+				"sopssecret",
+				req.NamespacedName,
+				"message",
+				err,
+			)
 			err = r.Create(context.TODO(), newSecret)
 			foundSecret = newSecret.DeepCopy()
 		}
@@ -105,7 +126,11 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error)
 		}
 
 		if !metav1.IsControlledBy(foundSecret, instance) {
-			return reconcile.Result{}, fmt.Errorf("secret isn't currently owned by sops-secrets-operator")
+			return reconcile.Result{}, fmt.Errorf(
+				"secret/%s in %s isn't currently owned by sops-secrets-operator",
+				foundSecret.Name,
+				foundSecret.Namespace,
+			)
 		}
 
 		origSecret := foundSecret
@@ -117,7 +142,13 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error)
 		foundSecret.ObjectMeta.Labels = newSecret.ObjectMeta.Labels
 
 		if !apiequality.Semantic.DeepEqual(origSecret, foundSecret) {
-			r.Log.Info("Secret already exists and needs updated")
+			r.Log.Info(
+				"Secret already exists and needs to be refreshed",
+				"secret",
+				foundSecret.Name,
+				"namespace",
+				foundSecret.Namespace,
+			)
 			if err = r.Update(context.TODO(), foundSecret); err != nil {
 				return reconcile.Result{}, err
 			}
@@ -129,6 +160,9 @@ func (r *SopsSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error)
 
 // SetupWithManager - setup with manager
 func (r *SopsSecretReconciler) SetupWithManager(mgr ctrl.Manager) error {
+
+	sopslogging.SetLevel(logrus.InfoLevel)
+
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&isindirv1alpha2.SopsSecret{}).
 		Complete(r)
@@ -161,15 +195,19 @@ func newSecretForCR(
 		return nil, fmt.Errorf("newSecretForCR(): secret template name must be specified and not empty string")
 	}
 
-	reqLogger.Info(fmt.Sprintf(
-		"Processing secret %s.%s.%s.%s %s:%s",
-		cr.Kind,
-		cr.APIVersion,
-		cr.Name,
+	reqLogger.Info("Processing", "sopssecret",
+		fmt.Sprintf(
+			"%s.%s.%s",
+			cr.Kind,
+			cr.APIVersion,
+			cr.Name,
+		),
+		"type",
 		secretTpl.Type,
-		cr.Namespace,
-		secretTpl.Name,
-	))
+		"namespace", cr.Namespace,
+		"templateItem",
+		fmt.Sprintf("secret/%s", secretTpl.Name),
+	)
 
 	kubeSecretType := getSecretType(secretTpl.Type)
 
@@ -222,20 +260,32 @@ func decryptSopsSecretInstance(
 	instance := &isindirv1alpha2.SopsSecret{}
 	reqBodyBytes, err := json.Marshal(instanceEncrypted)
 	if err != nil {
-		reqLogger.Info("Failed to convert encrypted sops secret to bytes[].")
+		reqLogger.Info(
+			"Failed to convert encrypted sops secret to bytes[]",
+			"error",
+			err,
+		)
 		return nil, err
 	}
 
 	decryptedInstanceBytes, err := customDecryptData(reqBodyBytes, "json")
 	if err != nil {
-		reqLogger.Info("Failed to Decrypt encrypted sops secret instance.")
+		reqLogger.Info(
+			"Failed to Decrypt encrypted sops secret instance",
+			"error",
+			err,
+		)
 		return nil, err
 	}
 
 	// Decrypted instance is empty structure here
 	err = json.Unmarshal(decryptedInstanceBytes, &instance)
 	if err != nil {
-		reqLogger.Info("Failed to Unmarshal decrypted sops secret instance.")
+		reqLogger.Info(
+			"Failed to Unmarshal decrypted sops secret instance",
+			"error",
+			err,
+		)
 		return nil, err
 	}
 

diff --git a/docs/gpg/README.md b/docs/gpg/README.md
@@ -27,10 +27,10 @@ Following files will be generated:
 * `1.yaml` and `2.yaml` - these files should be applied to the namespace where
   `sops-secrets-operator` will be deployed via helm chart.
 
-Sourcing `key-env` sets up working environment for data encryption:
+Sourcing `keys-env` sets up working environment for data encryption:
 
 ```bash
-source ./key-env
+source ./keys-env
 ```
 
 After sourcing sops can be used to encrypt data, for example:

diff --git a/docs/index.yaml b/docs/index.yaml
@@ -1,9 +1,24 @@
 apiVersion: v1
 entries:
   sops-secrets-operator:
+  - apiVersion: v2
+    appVersion: 0.1.1
+    created: "2020-09-01T14:41:02.393129+01:00"
+    description: sops secrets operator
+    digest: 7067eee2ab76e1274f58031707fc422969b6d3d5f771bd76ad43e532496439e0
+    maintainers:
+    - email: [email protected]
+      name: isindir
+    name: sops-secrets-operator
+    sources:
+    - https://github.com/isindir/sops-secrets-operator.git
+    type: application
+    urls:
+    - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.4.1.tgz
+    version: 0.4.1
   - apiVersion: v2
     appVersion: 0.1.0
-    created: "2020-07-25T22:40:54.993254+01:00"
+    created: "2020-09-01T14:41:02.39228+01:00"
     description: sops secrets operator
     digest: f4d9ba94db37d679af817d759bb64aebb7605530b0ba412e264b051440ff3765
     maintainers:
@@ -16,9 +31,23 @@ entries:
     urls:
     - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.4.0.tgz
     version: 0.4.0
+  - apiVersion: v1
+    appVersion: 0.1.1
+    created: "2020-09-01T14:41:02.391404+01:00"
+    description: sops secrets operator
+    digest: 2e2762b8f9d66aab0caacde225955fec8bfd5a4cc10dc6943a1de3809dda4091
+    maintainers:
+    - email: [email protected]
+      name: isindir
+    name: sops-secrets-operator
+    sources:
+    - https://github.com/isindir/sops-secrets-operator.git
+    urls:
+    - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.3.1.tgz
+    version: 0.3.1
   - apiVersion: v1
     appVersion: 0.1.0
-    created: "2020-07-25T22:40:54.992335+01:00"
+    created: "2020-09-01T14:41:02.389999+01:00"
     description: sops secrets operator
     digest: ce84f5b64402a582c7689cb842ba03fb10f968c38b57dc9e05f588493128019a
     maintainers:
@@ -32,7 +61,7 @@ entries:
     version: 0.3.0
   - apiVersion: v2
     appVersion: 0.0.10
-    created: "2020-07-25T22:40:54.991578+01:00"
+    created: "2020-09-01T14:41:02.389443+01:00"
     description: sops secrets operator
     digest: 504fd74af156d7287e52844c5bcd6acff9b43fc67ad960c13272468de22c7807
     maintainers:
@@ -47,7 +76,7 @@ entries:
     version: 0.2.1
   - apiVersion: v1
     appVersion: 0.0.10
-    created: "2020-07-25T22:40:54.989801+01:00"
+    created: "2020-09-01T14:41:02.388525+01:00"
     description: sops secrets operator
     digest: 50b8ebab19008dfc43de1eaee8b0f6287f7a55134585dc6ae88df2520d779f8f
     maintainers:
@@ -59,4 +88,4 @@ entries:
     urls:
     - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.1.10.tgz
     version: 0.1.10
-generated: "2020-07-25T22:40:54.988414+01:00"
+generated: "2020-09-01T14:41:02.38714+01:00"
diff --git a/docs/sops-secrets-operator-0.3.1.tgz b/docs/sops-secrets-operator-0.3.1.tgz
diff --git a/docs/sops-secrets-operator-0.4.1.tgz b/docs/sops-secrets-operator-0.4.1.tgz
diff --git a/go.mod b/go.mod
@@ -6,6 +6,7 @@ require (
 	github.com/go-logr/logr v0.1.0
 	github.com/onsi/ginkgo v1.11.0
 	github.com/onsi/gomega v1.8.1
+	github.com/sirupsen/logrus v1.6.0
 	go.mozilla.org/sops/v3 v3.6.0
 	k8s.io/api v0.17.2
 	k8s.io/apimachinery v0.17.2

diff --git a/go.sum b/go.sum
@@ -200,6 +200,7 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
 github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
@@ -283,6 +284,8 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -394,6 +397,8 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I=
+github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v0.0.0-20190710185942-9d28bd7c0945/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=