From ea68cfc2b442cd772b6a990ca1e0407bae54f84d Mon Sep 17 00:00:00 2001
From: Joris Coenen
Date: Mon, 11 Apr 2022 12:10:22 +0200
Subject: [PATCH 1/2] Persist OwnerReferences when 1Password item is updated
---
 CHANGELOG.md | 2 +-
 pkg/onepassword/secret_update_handler.go | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7519382c..a127222f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,7 @@
 ## Fixes
-- A user-friendly description of a fix. {issue-number}
+- OwnerReferences on secrets are now persisted after an item is updated. {#101}
 ## Security
diff --git a/pkg/onepassword/secret_update_handler.go b/pkg/onepassword/secret_update_handler.go
index a7a0c7c5..b677bd33 100644
--- a/pkg/onepassword/secret_update_handler.go
+++ b/pkg/onepassword/secret_update_handler.go
@@ -140,9 +140,9 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]*
 log.Info(fmt.Sprintf("Updating kubernetes secret '%v'", secret.GetName()))
 secret.Annotations[VersionAnnotation] = itemVersion
 secret.Annotations[ItemPathAnnotation] = itemPathString
- updatedSecret := kubeSecrets.BuildKubernetesSecretFromOnePasswordItem(secret.Name, secret.Namespace, secret.Annotations, secret.Labels, string(secret.Type), *item, nil)
- log.Info(fmt.Sprintf("New secret path: %v and version: %v", updatedSecret.Annotations[ItemPathAnnotation], updatedSecret.Annotations[VersionAnnotation]))
- h.client.Update(context.Background(), updatedSecret)
+ secret.Data = kubeSecrets.BuildKubernetesSecretData(item.Fields, item.Files)
+ log.Info(fmt.Sprintf("New secret path: %v and version: %v", secret.Annotations[ItemPathAnnotation], secret.Annotations[VersionAnnotation]))
+ h.client.Update(context.Background(), &secret)
 if updatedSecrets[secret.Namespace] == nil {
 updatedSecrets[secret.Namespace] = make(map[string]*corev1.Secret)
 }
From d4b04c233ccb6632b8964beb318d1da64298593a Mon Sep 17 00:00:00 2001
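Review bot: Passing `&secret` to Update on the last added line takes the address of what looks like the loop variable of the enclosing range loop; the call itself is synchronous so that is safe, but if the statement just below the hunk that fills `updatedSecrets` now stores the same `&secret` (the removed `updatedSecret` was a fresh pointer per iteration), then on Go toolchains before 1.22 every map entry aliases one variable and ends up pointing at the last secret processed. Storing a per-iteration copy, `s := secret` at the top of the body and using `&s` for both the Update and the map, avoids that regardless of toolchain. The Update error on that line is still dropped in this commit. Since `secret.Data` is now replaced wholesale, keys that existed in the Kubernetes secret but are absent from the 1Password item are removed on update; a one-line comment such as `// Data is rebuilt from the item, so stale keys are dropped deliberately` would make that visible. updateKubernetesSecrets starts and ends outside the hunk.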
From: Joris Coenen
Date: Mon, 11 Apr 2022 12:11:05 +0200
Subject: [PATCH 2/2] Add missing error checks
---
 pkg/onepassword/secret_update_handler.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/pkg/onepassword/secret_update_handler.go b/pkg/onepassword/secret_update_handler.go
index b677bd33..1d220a30 100644
--- a/pkg/onepassword/secret_update_handler.go
+++ b/pkg/onepassword/secret_update_handler.go
@@ -134,7 +134,10 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]*
 log.Info(fmt.Sprintf("Secret '%v' has been updated in 1Password but is set to be ignored. Updates to an ignored secret will not trigger an update to a kubernetes secret or a rolling restart.", secret.GetName()))
 secret.Annotations[VersionAnnotation] = itemVersion
 secret.Annotations[ItemPathAnnotation] = itemPathString
- h.client.Update(context.Background(), &secret)
+ if err := h.client.Update(context.Background(), &secret); err != nil {
+ log.Error(err, "failed to update secret %s annotations to version %d: %s", secret.Name, itemVersion, err)
+ continue
+ }
 continue
 }
 log.Info(fmt.Sprintf("Updating kubernetes secret '%v'", secret.GetName()))
@@ -142,7 +145,10 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]*
 secret.Annotations[ItemPathAnnotation] = itemPathString
 secret.Data = kubeSecrets.BuildKubernetesSecretData(item.Fields, item.Files)
 log.Info(fmt.Sprintf("New secret path: %v and version: %v", secret.Annotations[ItemPathAnnotation], secret.Annotations[VersionAnnotation]))
- h.client.Update(context.Background(), &secret)
+ if err := h.client.Update(context.Background(), &secret); err != nil {
+ log.Error(err, "failed to update secret %s to version %d: %s", secret.Name, itemVersion, err)
+ continue
+ }
 if updatedSecrets[secret.Namespace] == nil {
 updatedSecrets[secret.Namespace] = make(map[string]*corev1.Secret)
 }
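Review bot: The `log.Error` calls added in both hunks use printf-style verbs, but the call shape `Error(err, msg, ...)` together with the surrounding `log.Info(fmt.Sprintf(...))` usage suggests `log` is a logr-style logger, whose message is not a format string and whose trailing arguments must be key/value pairs; as written the `%s`/`%d` would appear literally in the output, the three trailing values form an odd-length list, and `err` is logged twice. `itemVersion` is also assigned into `secret.Annotations`, so it is a string and `%d` would be wrong even under fmt formatting. Replace each with structured fields, e.g. `log.Error(err, "failed to update secret annotations", "secret", secret.Name, "version", itemVersion)` in the first hunk and `log.Error(err, "failed to update secret", "secret", secret.Name, "version", itemVersion)` in the second. In the first hunk the `continue` inside the new `if` is redundant with the unconditional `continue` that immediately follows it, so that block can be just the `log.Error`. Whether an update failure should also be surfaced to the caller rather than only logged is not visible here, and updateKubernetesSecrets starts and ends outside both hunks.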