Add possibility to specify encryption context for secrets (#127)

* Add possibiloty to define credstash secret context * update * update * fmt * fix lint issues * fix lint, pt2
ouzi-dev · May 20, 2020 · afb4f25 · afb4f25
1 parent 648f971
commit afb4f25
Show file tree

Hide file tree

Showing 9 changed files with 399 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -31,8 +31,12 @@ spec:
       name: renamed-test-secret
       # table: the dynamoDB table that contains the credstash secrets (Optional. Defaults to credential-store)
       table: credential-store
-      # version: the version of the secret in credstash for the provided key (Optional.Defaults to the latest version)
+      # version: the version of the secret in credstash for the provided key (Optional. Defaults to the latest version)
       version: 1
+      # context: key value pairs to the encryption context (Optional)
+      context:
+        key1: value1
+        key2: value2
   # type: the type of the resulting kubernetes secret (Optional. Defaults to Opaque)
   type: Opaque
 ```
@@ -81,6 +85,10 @@ spec:
       name: .dockerconfigjson
       # table: the dynamoDB table that contains the credstash secrets (Optional. Defaults to credential-store)
       table: credential-store
+      # context: key value pairs to the encryption context (Optional)
+      context:
+        key1: value1
+        key2: value2
   # type: the type of the resulting kubernetes secret (Optional. Defaults to Opaque)
   type: kubernetes.io/dockerconfigjson
 ```

diff --git a/deploy/crds/credstash.ouzi.tech_credstashsecrets_crd.yaml b/deploy/crds/credstash.ouzi.tech_credstashsecrets_crd.yaml
@@ -49,6 +49,9 @@ spec:
                     type: string
                   version:
                     type: string
+                  context:
+                    type: object
+                    x-kubernetes-preserve-unknown-fields: true
                 type: object
               type: array
             type:

diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml
@@ -15,18 +15,22 @@ spec:
       serviceAccountName: credstash-operator
       containers:
         - name: credstash-operator
-          image: quay.io/ouzi/credstash-operator:v0.0.1
+          image: quay.io/ouzi/credstash-operator:latest
           command:
             - credstash-operator
           imagePullPolicy: Always
           envFrom:
             - secretRef:
                 name: aws-credentials
           env:
-          #  - name: WATCH_NAMESPACE
-          #    valueFrom:
-          #      fieldRef:
-          #        fieldPath: metadata.namespace
+#            - name: WATCH_NAMESPACE
+#              valueFrom:
+#                fieldRef:
+#                  fieldPath: metadata.namespace
+            - name: SERVICE_MONITOR_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
             - name: POD_NAME
               valueFrom:
                 fieldRef:

diff --git a/deploy/helm/credstash-operator/crds/crds.yaml b/deploy/helm/credstash-operator/crds/crds.yaml
@@ -49,6 +49,9 @@ spec:
                     type: string
                   version:
                     type: string
+                  context:
+                    type: object
+                    x-kubernetes-preserve-unknown-fields: true
                 type: object
               type: array
             type:

diff --git a/go.mod b/go.mod
@@ -3,19 +3,46 @@ module github.com/ouzi-dev/credstash-operator
 go 1.14
 
 require (
-	github.com/apex/log v1.1.1 // indirect
-	github.com/aws/aws-sdk-go v1.30.7
+	github.com/apex/log v1.1.4 // indirect
+	github.com/aws/aws-sdk-go v1.31.0
+	github.com/bombsimon/wsl/v2 v2.2.0 // indirect
+	github.com/fatih/color v1.9.0 // indirect
+	github.com/fsnotify/fsnotify v1.4.9 // indirect
+	github.com/go-critic/go-critic v0.4.3 // indirect
 	github.com/golang/mock v1.4.3
+	github.com/golangci/gocyclo v0.0.0-20180528144436-0a533e8fa43d // indirect
+	github.com/golangci/golangci-lint v1.24.0 // indirect
+	github.com/golangci/misspell v0.3.5 // indirect
+	github.com/golangci/revgrep v0.0.0-20180812185044-276a5c0a1039 // indirect
+	github.com/gostaticanalysis/analysisutil v0.0.3 // indirect
+	github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af // indirect
+	github.com/mattn/go-colorable v0.1.6 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/mitchellh/mapstructure v1.3.0 // indirect
 	github.com/olekukonko/tablewriter v0.0.4 // indirect
 	github.com/operator-framework/operator-sdk v0.16.0
+	github.com/pelletier/go-toml v1.8.0 // indirect
+	github.com/sirupsen/logrus v1.6.0 // indirect
+	github.com/sourcegraph/go-diff v0.5.2 // indirect
+	github.com/spf13/cast v1.3.1 // indirect
+	github.com/spf13/cobra v1.0.0 // indirect
 	github.com/spf13/pflag v1.0.5
+	github.com/spf13/viper v1.7.0 // indirect
 	github.com/stretchr/testify v1.5.1
+	github.com/timakin/bodyclose v0.0.0-20200424151742-cb6215831a94 // indirect
 	github.com/versent/unicreds v1.5.1-0.20180327234242-7135c859e003
+	golang.org/x/mod v0.3.0 // indirect
+	golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9 // indirect
+	golang.org/x/tools v0.0.0-20200515220128-d3bf790afa53 // indirect
+	gopkg.in/ini.v1 v1.56.0 // indirect
+	honnef.co/go/tools v0.0.1-2020.1.4 // indirect
 	k8s.io/api v0.17.4
 	k8s.io/apimachinery v0.17.4
 	k8s.io/client-go v12.0.0+incompatible
 	k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c
+	mvdan.cc/unparam v0.0.0-20200501210554-b37ab49443f7 // indirect
 	sigs.k8s.io/controller-runtime v0.5.2
+	sourcegraph.com/sqs/pbtypes v1.0.0 // indirect
 )
 
 // Pinned to kubernetes-1.17.0