kubernetes-secret-generator

Formatter

Open poelzi opened this issue 3 years ago • 9 comments

This PR adds the possibility to format secret values according to rules defined in the new format.secret-generator.v1.mittwald.de/ annotation prefix. This allows secret-generator to generate specially formatted values containing the newly generated secret.

Some charts or software require the username and password to be formatted in the form of a URI. With this addition, it is now possible to use the secret generator with nearly every chart out there.

poelzi avatar Aug 03 '21 22:08 poelzi

There has not been any activity to this pull request in the last 30 days. It will automatically be closed after 7 more days. Remove the stale label to prevent this.

mittwald-machine avatar Sep 03 '21 02:09 mittwald-machine

@martin-helmich can I have a review please? :)

With this addition, it is possible to use the password generator for more Helm charts that require specially formatted secrets, like URL-formatted secrets. I think this is a very nice addition.

poelzi avatar Sep 07 '21 09:09 poelzi

Hey Daniel,

thanks for your contribution 👍 and my apologies for the delay! 🙄🙏

TBH, I was already having mixed feelings before concerning the multitude of different annotations. Configuring the secret generation via annotation is already tedious and only provides limited extensibility.

In #35, we've added the possibility to define generated secrets as Custom Resources, which gives us way more possibilities to define their exact properties in a structured and well-defined way.

I'm thinking if instead, we could possibly extend the CR definition to accept templated expressions (maybe feature-freezing the generation by annotation entirely, in favour of the CR-based generation):

apiVersion: secretgenerator.mittwald.de/v1alpha1
kind: StringSecret
metadata:
  name: example-pw
spec:
  forceRegenerate: false
  data:
    user: testuser
  fields:
    - fieldName: password
      encoding: base64
      length: 32
  dataTemplates:
    - fieldName: loginUri
      template: >
        http://{{ .data.user | base64decode | urlquery }}:{{.data.password | base64decode | urlquery}}@localhost/

Any thoughts are welcome. 🙂

martin-helmich avatar Sep 07 '21 13:09 martin-helmich
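An added example (not code from this PR or from the project) of what the `urlquery` step in the template proposed above protects against, using Go's `text/template`. `urlquery` is a `text/template` built-in; `base64decode` is a hypothetical helper registered here, and the password is a constructed sample value.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
	"net/url"
	"text/template"
)

const (
	rawTpl     = `http://{{ .data.user | base64decode }}:{{ .data.password | base64decode }}@localhost/`
	escapedTpl = `http://{{ .data.user | base64decode | urlquery }}:{{ .data.password | base64decode | urlquery }}@localhost/`
)

// base64decode is a hypothetical template helper; text/template has no such built-in.
func base64decode(s string) (string, error) {
	b, err := base64.StdEncoding.DecodeString(s)
	return string(b), err
}

// check renders tpl over base64-encoded values (as stored in a Secret's data)
// and returns the host and password a URL parser extracts from the result.
func check(tpl, user, password string) (string, string, error) {
	t, err := template.New("loginUri").Option("missingkey=error").
		Funcs(template.FuncMap{"base64decode": base64decode}).Parse(tpl)
	if err != nil {
		return "", "", err
	}
	enc := base64.StdEncoding.EncodeToString
	data := map[string]string{"user": enc([]byte(user)), "password": enc([]byte(password))}
	var buf bytes.Buffer
	if err = t.Execute(&buf, map[string]interface{}{"data": data}); err != nil {
		return "", "", err
	}
	u, err := url.Parse(buf.String())
	if err != nil {
		return "", "", err
	}
	pw, _ := u.User.Password()
	return u.Host, pw, nil
}

func main() {
	for _, tpl := range []string{rawTpl, escapedTpl} {
		fmt.Println(check(tpl, "testuser", "p@ss/w+rd=")) // constructed sample password
	}
}
```

Without `urlquery`, the `@` and `/` in the password move the authority boundary, so a client would connect to host `ss` with password `p`; with it, the parser recovers `localhost` and the full password.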

There has not been any activity to this pull request in the last 30 days. It will automatically be closed after 7 more days. Remove the stale label to prevent this.

mittwald-machine avatar Oct 08 '21 02:10 mittwald-machine

@martin-helmich I rewrote the patch to use the new CRD. I think the new solution is quite elegant and allows even one template to use the output of a previous template.

poelzi avatar Oct 15 '21 10:10 poelzi

:( This codeclimate is the most annoying code checker I have seen so far. So creating a config file and adjusting one test somehow changes the complete behavior? I tried different refactorings of the code; I either get complaints about code duplication or that 5 arguments, even on an internal function, is somehow too much. I tried to increase the argument limit, but this does not work either.

poelzi avatar Oct 15 '21 15:10 poelzi

@poelzi Don't worry about code climate. I think I'm going to remove it from this repo anyways. As you say, it is quite annoying and not that useful for us.

I'm sorry that you had to deal with it.

hensur avatar Oct 18 '21 09:10 hensur

There has not been any activity to this pull request in the last 30 days. It will automatically be closed after 7 more days. Remove the stale label to prevent this.

mittwald-machine avatar Nov 18 '21 02:11 mittwald-machine

There has not been any activity to this pull request in the last 30 days. It will automatically be closed after 7 more days. Remove the stale label to prevent this.

mittwald-machine avatar Dec 26 '21 02:12 mittwald-machine