lerentis / bitwarden-crd-operator
Kubernetes Operator to create k8s secrets from bitwarden
License: MIT License
Hi,
finally got the operator working, but now I have the problem that I can't get secrets working:
I get the following error message:
Handler 'create_managed_secret' failed with an exception. Will retry.
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/kopf/_core/actions/execution.py", line 276, in execute_handler_once
    result = await invoke_handler(
  File "/usr/lib/python3.10/site-packages/kopf/_core/actions/execution.py", line 371, in invoke_handler
    result = await invocation.invoke(
  File "/usr/lib/python3.10/site-packages/kopf/_core/actions/invocation.py", line 139, in invoke
    await asyncio.shie....10/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/bw-operator/kv.py", line 59, in create_managed_secret
    secret = create_kv(secret, secret_json_object, content_def)
  File "/home/bw-operator/kv.py", line 22, in create_kv
    value = parse_login_scope(secret_json, _secret_key)
  File "/home/bw-operator/utils/utils.py", line 45, in parse_login_scope
    return secret_json["data"]["login"][key]
TypeError: 'NoneType' object is not subscriptable
Any idea or hint why it's not working?
Have a nice day,
Michel
Hi,
I was wondering if there is a way to add labels to the secret? Some applications need them, e.g. argocd.
Example:
spec:
  content:
    - element:
        secretName: 'username' # for example password
        secretRef: 'username'
        secretScope: 'login' # for custom entries on bitwarden use 'fields'
  name: 'name'
  namespace: 'namespace'
  labels:
    label: 'xyz'
Is it possible or is there another way?
Regards
Can we add the functionality to create secrets with type kubernetes.io/tls?
With the latest move by Docker Hub, more and more people are migrating away from it. The bitwarden crd operator should make it easy to move to another registry as well.
Possible candidates:
releases are passing but sbom upload to release is failing
This happens from 0.10.X.
With 0.9.X all is good.
# docker run --rm -ti --entrypoint sh ghcr.io/lerentis/bitwarden-crd-operator:0.10.2
Unable to find image 'ghcr.io/lerentis/bitwarden-crd-operator:0.10.2' locally
0.10.2: Pulling from lerentis/bitwarden-crd-operator
661ff4d9561e: Already exists
383d1dffd5bc: Already exists
ef0e8474cde5: Already exists
76fa5ba72f96: Already exists
Digest: sha256:4c5a3bc9d70f92160425af8099459ba72206883c4193a2a1d9e487ba0f888b02
Status: Downloaded newer image for ghcr.io/lerentis/bitwarden-crd-operator:0.10.2
/ $ bw
Segmentation fault (core dumped)
/ $
With the current Dockerfile on the main branch, the last BW version that works for me is ARG BW_VERSION=2023.1.0
Hi,
I have the problem that from time to time the operator pod gets logged out (not sure about the time now).
I got the following error:
You are not logged in
and the password lookup fails.
The vaultwarden server isn't restarted, same as the operator. If I restart the operator, it is logged in again and working.
Any idea to fix the problem?
Regards,
Michel
Hi, I installed the operator like you wrote in the docs, but I'm getting the following error:
{"message": "Activity 'bitwarden_signin' failed with an exception. Will retry.", "exc_info": "Traceback (most recent call last):\n File \"/usr/lib/python3.10/site-packages/kopf/_core/actions/execution.py\", line 279, in execute_handler_once\n result = await invoke_handler(\n File \"/usr/lib/python3.10/site-packages/kopf/_core/actions/execution.py\", line 374, in invoke_handler\n result = await invocation.invoke(\n File \"/usr/lib/python3.10/site-packages/kopf/_core/actions/invocation.py\", line 139, in invoke\n await asyncio.shield(future) # slightly expensive: creates tasks\n File \"/usr/lib/python3.10/concurrent/futures/thread.py\", line 58, in run\n result = self.fn(*self.args, **self.kwargs)\n File \"/home/bw-operator/bitwardenCrdOperator.py\", line 19, in bitwarden_signin\n command_wrapper(logger, \"login --apikey\")\n File \"/home/bw-operator/utils/utils.py\", line 35, in command_wrapper\n resp = json.loads(out.decode(encoding='UTF-8'))\n File \"/usr/lib/python3.10/json/__init__.py\", line 346, in loads\n return _default_decoder.decode(s)\n File \"/usr/lib/python3.10/json/decoder.py\", line 337, in decode\n obj, end = self.raw_decode(s, idx=_w(s, 0).end())\n File \"/usr/lib/python3.10/json/decoder.py\", line 355, in raw_decode\n raise JSONDecodeError(\"Expecting value\", s, err.value) from None\njson.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)", "timestamp": "2023-05-09T00:30:55.035056+00:00", "severity": "error"}
Any idea how to fix it? Do you need more information?
Hi,
I wanted to upgrade to the latest version of the operator, however the deployment gets stuck in a restart loop because of a Python error (see below). Unfortunately, I don't have time right now to debug further, so I downgraded back to 0.7.1, which works fine.
Output of the signin action
{
"message": "Activity 'bitwarden_signin' failed with an exception. Will retry.",
"exc_info": "Traceback (most recent call last):\n File \"/usr/lib/python3.11/site-packages/kopf/_core/actions/execution.py\", line 276, in execute_handler_once\n result = await invoke_handler(\n ^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/lib/python3.11/site-packages/kopf/_core/actions/execution.py\", line 371, in invoke_handler\n result = await invocation.invoke(\n ^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/lib/python3.11/site-packages/kopf/_core/actions/invocation.py\", line 139, in invoke\n await asyncio.shield(future) # slightly expensive: creates tasks\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/lib/python3.11/concurrent/futures/thread.py\", line 58, in run\n result = self.fn(*self.args, **self.kwargs)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/home/bw-operator/bitwardenCrdOperator.py\", line 19, in bitwarden_signin\n command_wrapper(logger, \"login --apikey\")\n File \"/home/bw-operator/utils/utils.py\", line 35, in command_wrapper\n resp = json.loads(out.decode(encoding='UTF-8'))\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/lib/python3.11/json/__init__.py\", line 346, in loads\n return _default_decoder.decode(s)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/lib/python3.11/json/decoder.py\", line 337, in decode\n obj, end = self.raw_decode(s, idx=_w(s, 0).end())\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/lib/python3.11/json/decoder.py\", line 355, in raw_decode\n raise JSONDecodeError(\"Expecting value\", s, err.value) from None\njson.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)",
"timestamp": "2023-06-15T13:59:18.613253+00:00",
"severity": "error"
}
Hey there,
with your newest version 0.6.0 there might be a bug.
Trying to read a custom field from my bitwarden. SecretScope is set to fields. Tested it numerous times. The only scope which is working is the login scope.
Even tested it manually with the Bitwarden CLI to check if there is anything there. There is.
Downgraded to 0.5.4 and have no problems, even with custom fields.
Might have to do with your recent changes to utils.py in parse_fields_scope. :)
Let me know if you need any more information.
Hi,
is it possible to extend the template of the secret to add additional custom annotations?
There should be a CI pipeline that runs chart testing as a minimum