lerentis / bitwarden-crd-operator

Kubernetes Operator to create k8s secrets from bitwarden

License: MIT License

Dockerfile 5.13% Python 85.62% Smarty 6.87% Makefile 2.38%
bitwarden bitwarden-cli kubernetes-operator

bitwarden-crd-operator's People

Contributors

chrthal, dependabot[bot], kaotika, lerentis, nicoangelo, titilambert
bitwarden-crd-operator's Issues

TypeError: 'NoneType' object is not subscriptable

Hi,

I finally got the operator working, but now I have the problem that I can't get secrets working:
I get the following error message:

Handler 'create_managed_secret' failed with an exception. Will retry.
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/kopf/_core/actions/execution.py", line 276, in execute_handler_once
    result = await invoke_handler(
  File "/usr/lib/python3.10/site-packages/kopf/_core/actions/execution.py", line 371, in invoke_handler
    result = await invocation.invoke(
  File "/usr/lib/python3.10/site-packages/kopf/_core/actions/invocation.py", line 139, in invoke
    await asyncio.shie....10/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/bw-operator/kv.py", line 59, in create_managed_secret
    secret = create_kv(secret, secret_json_object, content_def)
  File "/home/bw-operator/kv.py", line 22, in create_kv
    value = parse_login_scope(secret_json, _secret_key)
  File "/home/bw-operator/utils/utils.py", line 45, in parse_login_scope
    return secret_json["data"]["login"][key]
TypeError: 'NoneType' object is not subscriptable

My bitwarden.yaml
image

The secret from bw-cli:
image

The complete error:
image

Any idea or hint why it's not working?

Have a nice day,

Michel

Labels for Secrets

Hi,

I was wondering if there is a way to add labels to the secret? Some applications need them, e.g. argocd.

Example:

spec:
  content:
    - element:
        secretName: 'username' # for example password
        secretRef: 'username'
        secretScope: 'login' # for custom entries on bitwarden use 'fields'
  name: 'name'
  namespace: 'namespace'
  labels:
    label: 'xyz'

Is it possible or is there another way?

Regards

Push to more Registries

With the latest move by Docker Hub, more and more people are migrating away from it. The bitwarden crd operator should make it easy to move to another registry as well.
Possible candidates:

  • ghcr.io
  • quay.io
  • registry.gitlab.com/lerentis/bitwarden-crd-operator

Docker image giving segmentation fault for simple bitwarden command

This happens from 0.10.X.

With 0.9.X all is good.

┗ # docker run --rm -ti --entrypoint sh ghcr.io/lerentis/bitwarden-crd-operator:0.10.2
Unable to find image 'ghcr.io/lerentis/bitwarden-crd-operator:0.10.2' locally
0.10.2: Pulling from lerentis/bitwarden-crd-operator
661ff4d9561e: Already exists
383d1dffd5bc: Already exists
ef0e8474cde5: Already exists
76fa5ba72f96: Already exists
Digest: sha256:4c5a3bc9d70f92160425af8099459ba72206883c4193a2a1d9e487ba0f888b02
Status: Downloaded newer image for ghcr.io/lerentis/bitwarden-crd-operator:0.10.2
/ $ bw
Segmentation fault (core dumped)
/ $

With the current Dockerfile on the main branch, the last BW version that works for me is ARG BW_VERSION=2023.1.0

"You are not logged in"

Hi,

I have the problem that from time to time the operator pod gets logged out (not sure about the time now).
I got the following error:
"You are not logged in" and the password lookup fails.

The vaultwarden server isn't restarted, same as the operator. If I restart the operator, it is logged back in and working.
Any idea how to fix the problem?

Regards,

Michel

JSONDecodeError

Hi, I installed the operator like you wrote in the docs, but I'm getting the following error:

{"message": "Activity 'bitwarden_signin' failed with an exception. Will retry.", "exc_info": "Traceback (most recent call last):\n File \"/usr/lib/python3.10/site-packages/kopf/_core/actions/execution.py\", line 279, in execute_handler_once\n result = await invoke_handler(\n File \"/usr/lib/python3.10/site-packages/kopf/_core/actions/execution.py\", line 374, in invoke_handler\n result = await invocation.invoke(\n File \"/usr/lib/python3.10/site-packages/kopf/_core/actions/invocation.py\", line 139, in invoke\n await asyncio.shield(future) # slightly expensive: creates tasks\n File \"/usr/lib/python3.10/concurrent/futures/thread.py\", line 58, in run\n result = self.fn(*self.args, **self.kwargs)\n File \"/home/bw-operator/bitwardenCrdOperator.py\", line 19, in bitwarden_signin\n command_wrapper(logger, \"login --apikey\")\n File \"/home/bw-operator/utils/utils.py\", line 35, in command_wrapper\n resp = json.loads(out.decode(encoding='UTF-8'))\n File \"/usr/lib/python3.10/json/__init__.py\", line 346, in loads\n return _default_decoder.decode(s)\n File \"/usr/lib/python3.10/json/decoder.py\", line 337, in decode\n obj, end = self.raw_decode(s, idx=_w(s, 0).end())\n File \"/usr/lib/python3.10/json/decoder.py\", line 355, in raw_decode\n raise JSONDecodeError(\"Expecting value\", s, err.value) from None\njson.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)", "timestamp": "2023-05-09T00:30:55.035056+00:00", "severity": "error"}

Any idea how to fix it? Do you need more information?

Upgrading from 0.7.1 to 0.7.3 the operator is no longer able to start

Hi,

I wanted to upgrade to the latest version of the operator, however the deployment gets stuck in a restart loop because of a Python error (see below). Unfortunately, I don't have time right now to debug further, so I downgraded back to 0.7.1, which works fine.

Output of the signin action

{
  "message": "Activity 'bitwarden_signin' failed with an exception. Will retry.",
  "exc_info": "Traceback (most recent call last):\n  File \"/usr/lib/python3.11/site-packages/kopf/_core/actions/execution.py\", line 276, in execute_handler_once\n    result = await invoke_handler(\n             ^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3.11/site-packages/kopf/_core/actions/execution.py\", line 371, in invoke_handler\n    result = await invocation.invoke(\n             ^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3.11/site-packages/kopf/_core/actions/invocation.py\", line 139, in invoke\n    await asyncio.shield(future)  # slightly expensive: creates tasks\n    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3.11/concurrent/futures/thread.py\", line 58, in run\n    result = self.fn(*self.args, **self.kwargs)\n             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/home/bw-operator/bitwardenCrdOperator.py\", line 19, in bitwarden_signin\n    command_wrapper(logger, \"login --apikey\")\n  File \"/home/bw-operator/utils/utils.py\", line 35, in command_wrapper\n    resp = json.loads(out.decode(encoding='UTF-8'))\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3.11/json/__init__.py\", line 346, in loads\n    return _default_decoder.decode(s)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3.11/json/decoder.py\", line 337, in decode\n    obj, end = self.raw_decode(s, idx=_w(s, 0).end())\n               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3.11/json/decoder.py\", line 355, in raw_decode\n    raise JSONDecodeError(\"Expecting value\", s, err.value) from None\njson.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)",
  "timestamp": "2023-06-15T13:59:18.613253+00:00",
  "severity": "error"
}

Custom fields returning 'has no value'

Hey there,
with your newest version 0.6.0 there might be a bug.
Trying to read a custom field from my bitwarden. SecretScope is set to fields. Tested it numerous times. The only scope which is working is the login scope.
Even tested it manually with the Bitwarden CLI to check, if there is anything there. There is.
Downgraded to 0.5.4 and have no problems, even with custom fields.
Might have to do with your recent changes to utils.py in parse_fields_scope. :)
Let me know if you need any more information.

Custom Annotations

Hi,
is it possible to extend the template of the secret to add additional custom annotations?

PR Pipeline

There should be a CI pipeline that runs chart testing as a minimum
