diff --git a/charts/cluster-secret/Chart.yaml b/charts/cluster-secret/Chart.yaml index 60a5f93..5e561bf 100755 --- a/charts/cluster-secret/Chart.yaml +++ b/charts/cluster-secret/Chart.yaml @@ -3,7 +3,7 @@ name: cluster-secret description: ClusterSecret Operator kubeVersion: '>= 1.16.0-0' type: application -version: 0.2.3 +version: 0.3.0 icon: https://clustersecret.io/assets/csninjasmall.png sources: - https://github.com/zakkg3/ClusterSecret diff --git a/charts/cluster-secret/crds/clustersecret-crd.yaml b/charts/cluster-secret/crds/clustersecret-crd.yaml index 583575f..48a4ef7 100644 --- a/charts/cluster-secret/crds/clustersecret-crd.yaml +++ b/charts/cluster-secret/crds/clustersecret-crd.yaml @@ -10,7 +10,7 @@ spec: shortNames: - csec singular: clustersecret - scope: Namespaced + scope: Cluster versions: - additionalPrinterColumns: - description: Secret Type diff --git a/charts/cluster-secret/templates/role-cluster-rbac.yaml b/charts/cluster-secret/templates/role-cluster-rbac.yaml index 3a76d29..7dad726 100644 --- a/charts/cluster-secret/templates/role-cluster-rbac.yaml +++ b/charts/cluster-secret/templates/role-cluster-rbac.yaml @@ -39,10 +39,13 @@ rules: resources: - clustersecrets verbs: - - list - watch - - patch + - list - get + - patch + - update + - create + - delete - apiGroups: - "" resources: diff --git a/charts/cluster-secret/templates/role-namespaced-rbac.yaml b/charts/cluster-secret/templates/role-namespaced-rbac.yaml index 01c41d8..de0230a 100644 --- a/charts/cluster-secret/templates/role-namespaced-rbac.yaml +++ b/charts/cluster-secret/templates/role-namespaced-rbac.yaml @@ -34,10 +34,3 @@ rules: - create - update - patch -- apiGroups: - - clustersecret.io - resources: - - clustersecrets - verbs: - - get - - patch diff --git a/conformance/k8s_utils.py b/conformance/k8s_utils.py index e35b00b..b53394b 100644 --- a/conformance/k8s_utils.py +++ b/conformance/k8s_utils.py 
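Review bot: The switch to `scope: Cluster` in `charts/cluster-secret/crds/clustersecret-crd.yaml` (and the same change in `yaml/01_crd.yaml`) cannot be applied to a cluster that already has this CRD, because `spec.scope` is immutable once the CRD exists and Helm does not update files under `crds/` on upgrade. An upgrade from chart 0.2.3 to 0.3.0 would therefore leave the old Namespaced CRD in place while the operator starts calling the cluster-scoped API, and replacing the CRD by hand deletes every existing ClusterSecret object. The release notes or chart README should spell out the migration: export the ClusterSecrets, delete and recreate the CRD, then re-apply them without `metadata.namespace`. They should also state that write access to ClusterSecrets now has to be granted through a ClusterRole, since one ClusterSecret can place a Secret in any matching namespace.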
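Review bot: The operator's ClusterRole in `role-cluster-rbac.yaml` now carries `update`, `create` and `delete` on `clustersecrets`, but the only operator-side calls visible in this commit are `get_cluster_custom_object` and `patch_cluster_custom_object` in `src/kubernetes_utils.py`. Unless a handler outside this diff creates or deletes ClusterSecret objects, the rule should stay at `watch`, `list`, `get`, `patch`, so that a compromised operator pod cannot create or remove ClusterSecrets cluster-wide. The same verb list is added in `yaml/00_rbac.yaml`. The create and delete calls in `conformance/k8s_utils.py` presumably run under the test's own credentials rather than this service account, so they do not justify the wider grant.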
@@ -106,7 +106,6 @@ def _generate_secret_key_ref_dict(secret_key_ref: Dict[str, str]) -> Dict[str, A def create_cluster_secret( self, name: str, - namespace: str, data: Optional[Dict[str, Any]] = None, secret_key_ref: Optional[Dict[str, str]] = None, labels: Optional[Dict[str, str]] = None, @@ -117,10 +116,9 @@ def create_cluster_secret( if data is None and secret_key_ref is None: raise Exception('You need to either define data or secret_key_ref.') - return self.custom_objects_api.create_namespaced_custom_object( + return self.custom_objects_api.create_cluster_custom_object( group="clustersecret.io", version="v1", - namespace=namespace, body={ "apiVersion": "clustersecret.io/v1", "kind": "ClusterSecret", @@ -135,16 +133,14 @@ def create_cluster_secret( def update_data_cluster_secret( self, name: str, - namespace: str, data: Dict[str, str], match_namespace: Optional[List[str]] = None, avoid_namespaces: Optional[List[str]] = None, ): - self.custom_objects_api.patch_namespaced_custom_object( + self.custom_objects_api.patch_cluster_custom_object( name=name, group="clustersecret.io", version="v1", - namespace=namespace, body={ "apiVersion": "clustersecret.io/v1", "kind": "ClusterSecret", @@ -160,11 +156,10 @@ def delete_cluster_secret( name: str, namespace: str ): - self.custom_objects_api.delete_namespaced_custom_object( + self.custom_objects_api.delete_cluster_custom_object( name=name, group="clustersecret.io", version="v1", - namespace=namespace, plural="clustersecrets", ) diff --git a/conformance/tests.py b/conformance/tests.py index 9ef193b..0e70577 100644 --- a/conformance/tests.py +++ b/conformance/tests.py @@ -57,7 +57,6 @@ def test_simple_cluster_secret(self): self.cluster_secret_manager.create_cluster_secret( name=name, - namespace=USER_NAMESPACES[0], data={"username": username_data} ) 
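Review bot: `delete_cluster_secret` still declares `namespace: str` as a required parameter, although the hunk at -160,11 removes its only visible use when switching to `delete_cluster_custom_object`. `create_cluster_secret` and `update_data_cluster_secret` both dropped the parameter in this commit, so the three helpers now disagree and callers of the delete helper must pass a value that is ignored. Drop `namespace: str` from the signature and from the delete call sites in `conformance/tests.py`, which this diff does not touch and which presumably still pass it. The start of the method's signature lies outside the hunk.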
@@ -76,7 +75,6 @@ def test_complex_cluster_secret(self): # Create a secret in all user namespace expect the first one self.cluster_secret_manager.create_cluster_secret( name=name, - namespace=USER_NAMESPACES[0], data={"username": username_data}, match_namespace=["example-*"], avoid_namespaces=[USER_NAMESPACES[0]] @@ -99,7 +97,6 @@ def test_patch_cluster_secret_data(self): # Create a secret with username_data self.cluster_secret_manager.create_cluster_secret( name=name, - namespace=USER_NAMESPACES[0], data={"username": username_data}, ) @@ -115,7 +112,6 @@ def test_patch_cluster_secret_data(self): self.cluster_secret_manager.update_data_cluster_secret( name=name, data={"username": updated_data}, - namespace=USER_NAMESPACES[0], ) # Ensure the secrets are updated with the right data (at some point) @@ -133,7 +129,6 @@ def test_patch_cluster_secret_match_namespaces(self): self.cluster_secret_manager.create_cluster_secret( name=name, - namespace=USER_NAMESPACES[0], data={"username": username_data}, match_namespace=[ USER_NAMESPACES[0] @@ -154,7 +149,6 @@ def test_patch_cluster_secret_match_namespaces(self): # Update the cluster match_namespace to ALL user namespace self.cluster_secret_manager.update_data_cluster_secret( name=name, - namespace=USER_NAMESPACES[0], match_namespace=USER_NAMESPACES, data={"username": username_data}, ) @@ -174,7 +168,6 @@ def test_simple_cluster_secret_deleted(self): self.cluster_secret_manager.create_cluster_secret( name=name, - namespace=USER_NAMESPACES[0], data={"username": username_data} ) @@ -217,7 +210,6 @@ def test_value_from_cluster_secret(self): # Create the cluster secret self.cluster_secret_manager.create_cluster_secret( name=cluster_secret_name, - namespace=USER_NAMESPACES[0], secret_key_ref={ 'name': secret_name, 'namespace': USER_NAMESPACES[0], 
@@ -251,7 +243,6 @@ def test_value_from_with_keys_cluster_secret(self): # Create the cluster secret self.cluster_secret_manager.create_cluster_secret( name=cluster_secret_name, - namespace=USER_NAMESPACES[0], secret_key_ref={ 'name': secret_name, 'namespace': USER_NAMESPACES[0], @@ -281,7 +272,6 @@ def test_simple_cluster_secret_with_annotation(self): cluster_secret_manager.create_cluster_secret( name=name, - namespace=USER_NAMESPACES[0], data={"username": username_data}, annotations=annotations, ) diff --git a/setup.cfg b/setup.cfg index 31eba5c..56b4bcf 100644 --- a/setup.cfg +++ b/setup.cfg @@ -2,7 +2,7 @@ max-line-length = 120 exclude= src/tests -ignore=D103,D401,D400,D200,D100,DAR201,WPS305,WPS111,DAR101,WPS326,WPS226,N400,I001,I002,I003,I004,I005,WPS221,WPS237,DAR401,WPS432,WPS211,WPS440,WPS462,WPS210,WPS229,S105,WPS229,WPS202,WPS213,WPS110,WPS238,WPS231 +ignore=D103,D102,D401,D400,D200,D100,DAR201,WPS305,WPS111,DAR101,WPS326,WPS226,N400,I001,I002,I003,I004,I005,WPS221,WPS237,DAR401,WPS432,WPS211,WPS440,WPS462,WPS210,WPS229,S105,WPS229,WPS202,WPS213,WPS110,WPS238,WPS231 [darglint] docstring_style=numpy \ No newline at end of file diff --git a/src/handlers.py b/src/handlers.py index d511cbb..769c783 100644 --- a/src/handlers.py +++ b/src/handlers.py @@ -14,6 +14,8 @@ from os_utils import in_cluster +csecs: Dict[str, Any] = {} + # Loading kubeconfig if in_cluster(): # Loading kubeconfig @@ -98,7 +100,6 @@ def on_field_match_namespace( logger.debug(f'Patching clustersecret {name} in namespace {namespace}') patch_clustersecret_status( logger=logger, - namespace=namespace, name=name, new_status={'create_fn': {'syncedns': updated_matched}}, custom_objects_api=custom_objects_api, diff --git a/src/kubernetes_utils.py b/src/kubernetes_utils.py index 779c6b3..444b5cd 100644 --- a/src/kubernetes_utils.py +++ b/src/kubernetes_utils.py 
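Review bot: `csecs: Dict[str, Any] = {}` in `src/handlers.py` is a module-level mutable dict added without a comment, and nothing in the visible hunks reads or writes it. If it caches ClusterSecret bodies, it keeps secret data in process memory for the operator's lifetime, so the key (name or uid, now that objects are cluster-scoped) and the point where entries are removed should be documented. A comment such as `# Cache of known ClusterSecret objects keyed by <key>; entries are removed by the delete handler` would do, with the key filled in by the author.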
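Review bot: The context line `logger.debug(f'Patching clustersecret {name} in namespace {namespace}')` in `on_field_match_namespace` still reports a namespace, while the call below it no longer passes one. For a cluster-scoped object the handler's `namespace` is expected to be empty, so the message would likely read `in namespace None`. Suggest `logger.debug(f'Patching clustersecret {name}')`. The handler starts and ends outside the hunk.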
@@ -12,11 +12,10 @@ def patch_clustersecret_status( - logger: logging.Logger, - namespace: str, - name: str, - new_status, - custom_objects_api: CustomObjectsApi, + logger: logging.Logger, + name: str, + new_status, + custom_objects_api: CustomObjectsApi, ): """Patch the status of a given clustersecret object """ @@ -25,10 +24,9 @@ def patch_clustersecret_status( plural = 'clustersecrets' # Retrieve the clustersecret object - clustersecret = custom_objects_api.get_namespaced_custom_object( + clustersecret = custom_objects_api.get_cluster_custom_object( group=group, version=version, - namespace=namespace, plural=plural, name=name, ) @@ -38,10 +36,9 @@ def patch_clustersecret_status( logger.debug(f'Updated clustersecret manifest: {clustersecret}') # Perform a patch operation to update the custom resource - custom_objects_api.patch_namespaced_custom_object( + custom_objects_api.patch_cluster_custom_object( group=group, version=version, - namespace=namespace, plural=plural, name=name, body=clustersecret, diff --git a/yaml/00_rbac.yaml b/yaml/00_rbac.yaml index 1df6754..f82d3fc 100644 --- a/yaml/00_rbac.yaml +++ b/yaml/00_rbac.yaml @@ -6,7 +6,7 @@ metadata: apiVersion: v1 kind: ServiceAccount metadata: - namespace: "clustersecret" + namespace: clustersecret name: clustersecret-account --- apiVersion: rbac.authorization.k8s.io/v1 @@ -33,8 +33,7 @@ rules: # Application: read-only access for watching cluster-wide. - apiGroups: [clustersecret.io] resources: [clustersecrets] - verbs: [list, watch, patch, get] - + verbs: [watch, list, get, patch, update, create, delete] # Watch namespaces - apiGroups: [""] resources: [namespaces, namespaces/status] @@ -70,7 +69,7 @@ rules: - apiGroups: [""] resources: [secrets] verbs: [create,update,patch] - + # Application: get and patch clustersecrets for status patching - apiGroups: [clustersecret.io] resources: [clustersecrets] diff --git a/yaml/01_crd.yaml b/yaml/01_crd.yaml index f8bd39c..509000e 100644 --- a/yaml/01_crd.yaml 
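Review bot: `logger.debug(f'Updated clustersecret manifest: {clustersecret}')` in `patch_clustersecret_status` writes the whole object returned by `get_cluster_custom_object` to the log, and that object presumably includes the ClusterSecret's `data` field with the secret values. Log only what changed, for example `logger.debug(f'Updated clustersecret {name} status: {new_status}')`. Sending the full fetched object back as the patch body also goes beyond the status. A body limited to the `status` key would avoid touching `spec` and `data`, though the lines that build the body are outside the hunks.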
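Review bot: The comment `# Application: read-only access for watching cluster-wide.` above the `clustersecrets` rule in `yaml/00_rbac.yaml` no longer matches a verb list that includes `update`, `create` and `delete`; it should say what the operator writes and why. Further down, the rule under `# Application: get and patch clustersecrets for status patching` is left in place. If that rule belongs to a namespaced Role, it has no effect now that the resource is cluster-scoped, and the chart removed the equivalent rule from `role-namespaced-rbac.yaml`. Remove it here as well so the two manifests stay in step.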
+++ b/yaml/01_crd.yaml @@ -4,7 +4,7 @@ kind: CustomResourceDefinition metadata: name: clustersecrets.clustersecret.io spec: - scope: Namespaced + scope: Cluster group: clustersecret.io versions: - name: v1 diff --git a/yaml/02_deployment.yaml b/yaml/02_deployment.yaml index a37b3d2..eb6f774 100644 --- a/yaml/02_deployment.yaml +++ b/yaml/02_deployment.yaml @@ -26,10 +26,10 @@ spec: port: 8080 periodSeconds: 120 env: - - name: CLUSTER_SECRET_VERSION - value: "v0.0.10" - - name: REPLACE_EXISTING - value: "false" + - name: CLUSTER_SECRET_VERSION + value: "v0.0.10" + - name: REPLACE_EXISTING + value: "false" # imagePullPolicy: Always # Uncomment next lines for debug: # command: