Closed joaogbcravo closed 1 month ago
@Lerentis any thoughts on this one?
@joaogbcravo i will have a look over the weekend 👍
write a changelog
On the chart.yaml or somewhere else?
yep it will be listed on artifacthub: https://artifacthub.io/packages/helm/lerentis/bitwarden-crd-operator?modal=changelog
Addressed your comments on the last commit.
@joaogbcravo does this code work for you? In my tests the secrets are no longer created by the operator. Looks like there is a logical error in the chain of events.
```
Normal   Logging  61s  kopf  Secret default/test-secret has been created
Normal   Logging  61s  kopf  Handler 'create_managed_secret' succeeded.
Warning  Logging  61s  kopf  Could not update secret default/test-secret!

kubectl get secrets -n default
No resources found in default namespace.
```
my test setup:
kind v0.22.0 go1.22.0 linux/amd64 Server Version: v1.29.2
kind create cluster
checkout your branch
docker build -t test .
kind load docker-image test
helm upgrade --install -n bitwarden-crd-operator bitwarden-crd-operator -f charts/bitwarden-crd-operator/myvalues.yaml charts/bitwarden-crd-operator/ --set image.tag=latest --set image.repository=test --create-namespace
kubectl apply -f example*.yaml
other than that the example is still missing a required name
@Lerentis I can't test your examples, I don't have those secrets IDs on my vaults. Do you have more logs around that failure?
My setup:
```
k3d version v5.6.0
k3s version v1.27.4-k3s1 (default)
Client Version: v1.28.7
Server Version: v1.27.4+k3s1
```
But I tested with mine
```
Name:         test-scope
Namespace:    default
Labels:       <none>
Annotations:  kopf.zalando.org/last-handled-configuration: (...)
API Version:  lerentis.uploadfilter24.eu/v1beta6
Kind:         BitwardenSecret
Metadata:
  Creation Timestamp:  2024-02-28T08:14:50Z
  Finalizers:
    kopf.zalando.org/KopfFinalizerMarker
  Generation:        1
  Resource Version:  30979
  UID:               2c42b909-221b-42a0-8897-2beb8a365c55
Spec:
  Content:
    Element:
      Secret Name:   username
      Secret Ref:    usernameZZZ
      Secret Scope:  login
    Element:
      Secret Name:   password
      Secret Ref:    passwordZZZ
      Secret Scope:  login
    Element:
      Secret Name:   TestSecretCustomField
      Secret Ref:    TestSecretCustomFieldZZZ
      Secret Scope:  fields
    Element:
      Secret Name:   testattach
      Secret Ref:    testattachZZZ
      Secret Scope:  attachment
  Id:         db2a5efe-25f0-0bb1-844c-b14a01150cb0
  Name:       test-scope
  Namespace:  default
Events:
  Type    Reason   Age  From  Message
  ----    ------   ---- ----  -------
  Normal  Logging  5s   kopf  Already unlocked
  Normal  Logging  5s   kopf  Locking up secret with ID: db2a5efe-25f0-0bb1-844c-b14a01150cb0
  Normal  Logging  5s   kopf  Already unlocked
  Normal  Logging  5s   kopf  Locking up secret with ID: db2a5efe-25f0-0bb1-844c-b14a01150cb0
  Normal  Logging  4s   kopf  Sync successful {'success': True, 'data': {'noColor': False, 'object': 'message', 'title': 'Syncing complete.', 'message': None}}
  Normal  Logging  4s   kopf  Sync successful None
  Normal  Logging  4s   kopf  Sync successful {'success': True, 'data': {'noColor': False, 'object': 'message', 'title': 'Syncing complete.', 'message': None}}
  Normal  Logging  4s   kopf  Sync successful None
  Normal  Logging  3s   kopf  Secret default/test-scope has been created
  Normal  Logging  3s   kopf  Handler 'create_managed_secret' succeeded.
  Normal  Logging  3s   kopf  Creation is processed: 1 succeeded; 0 failed.
  Normal  Logging  3s   kopf  Secret default/test-scope has been updated
  Normal  Logging  3s   kopf  Timer 'update_managed_secret' succeeded.
```
@Lerentis Friendly ping :) Anything I can do to help you?
I will try to debug this over the weekend. Sorry for the delay
Hi @joaogbcravo, I tried a couple of configurations over the weekend (kind, minikube and a kops-created cluster on Hetzner) but I cannot get this code to work. It just simply silently fails to create the managed secret, while the logs just state that it does. Frustratingly, I cannot even pinpoint the reason why the secret is not created. In an upgrade situation (current main to your PR) all managed secrets were deleted from the cluster. The code on main works without issues, so this is somewhere in the execution flow of this change.
In this state I cannot merge this PR. I don't know if k3s is doing something different, but if it does, it is not API compatible with kopf, I fear. If you can provide working code with kind/minikube for testing I will reconsider this, but for now I will not continue to debug this.
Thanks @Lerentis, I will try with minikube.
Just tried with Minikube:
```
$ minikube version
minikube version: v1.29.0
commit: ddac20b4b34a9c8c857fc602203b6ba2679794d3
```
And I managed to replicate it! The problem is I managed to replicate it once, and not anymore. I wonder if this is some kind of race condition.
For you, does it happen all the time?
Can you maybe do a last debug for me? Can you change the code to raise the exception on this block so that we can understand the root of the problem?
I think I can replicate it if I delete/create the secret. I managed to get this error... I will look into it.
```
Normal   Logging  39s  kopf  Already unlocked
Normal   Logging  39s  kopf  Already unlocked
Normal   Logging  38s  kopf  Looking up secret with ID: db4a5afe-21f0-4bb1-844c-b11a01150cb0
Normal   Logging  37s  kopf  Looking up secret with ID: db4a5afe-21f0-4bb1-844c-b11a01150cb0
Normal   Logging  38s  kopf  Sync successful {'success': True, 'data': {'noColor': False, 'object': 'message', 'title': 'Syncing complete.', 'message': None}}
Normal   Logging  37s  kopf  Sync successful {'success': True, 'data': {'noColor': False, 'object': 'message', 'title': 'Syncing complete.', 'message': None}}
Normal   Logging  36s  kopf  Handler 'create_managed_secret' succeeded.
Error    Logging  37s  kopf  Timer 'update_managed_secret' failed with an exception. Will retry.
Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/kopf/_core/actions/execution.py", line 276, in execute_handler_once
    result = await invoke_handler(
             ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/kopf/_core/actions/execution.py", line 371, in invoke_handler
    result = await invocation.invoke(
             ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/kopf/_... 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Kubernetes-Pf-Flowschema-Uid': '6a8618f6-5796-4a95-8198-2ddea5c5f227', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'fa71be9c-91f9-434e-a7cc-515a638e33f0', 'Date': 'Tue, 12 Mar 2024 19:34:03 GMT', 'Content-Length': '196'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"secrets \"test-secret\" not found","reason":"NotFound","details":{"name":"test-secret","kind":"secrets"},"code":404}
Normal   Logging  36s  kopf  Secret default/test-secret has been created
Warning  Logging  37s  kopf  Could not update secret default/test-secret!
Normal   Logging  36s  kopf  Creation is processed: 1 succeeded; 0 failed.
```
@Lerentis I managed to replicate the problem (same exception) also with the main branch code.
Can you confirm the exception you are getting is the same or other?
I used skaffold :)
@joaogbcravo for me this is reproducible every time and does not happen on main. if you want to we can have a debug session together via discord?
send me your details to lerentis at uploadfilter24 dot eu
@joaogbcravo ping. Did not get a mail from you
Hi @Lerentis I sent it yesterday!
closing due to inactivity
My second attempt to merge this feature.. 1 year after :)
Allows getting Bitwarden secrets using the name of the Bitwarden Secret and its location (in a collection) instead of an ID.
Also, reduce duplication of code and improve some logic.