
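---
# ConfigMap holding the sync loop run by the warden-operator pod.  The script
# polls the vault API on localhost:8087, turns every login item that carries a
# "<SCHEME>://<namespace>/<name>" URI into a Kubernetes Secret and applies it
# with server-side apply, then sleeps and repeats.
#
# Environment knobs (all optional):
#   SCHEME              URI scheme that marks an item for syncing (default: k8s)
#   DRYRUN              anything but "no" prints the Secrets instead of applying
#   OVERRIDE_OWNERSHIP  yes/true/1 adds --force-conflicts to kubectl apply
#   SYNC_INTERVAL       seconds to sleep between passes (default: 60)
apiVersion: v1
kind: ConfigMap
metadata:
  name: warden-operator-sync-script
  # presumably left over from "kubectl ... -o yaml"; harmless on apply
  creationTimestamp: null
data:
  warden-operator-sync: |
    #!/bin/sh
    # -e: abort on an unhandled error.  -u: treat unset variables as errors.
    # Deliberately no -x: the Secret JSON (password included) is passed through
    # printf below, and xtrace would copy every such command line into the pod log.
    set -eu

    : "${SCHEME:=k8s}"
    : "${DRYRUN:=no}"

    EXTRAFLAGS=""

    case "${OVERRIDE_OWNERSHIP:-}" in
      yes|true|1) EXTRAFLAGS="$EXTRAFLAGS --force-conflicts" ;;
    esac

    while true; do
      echo "starting sync of $SCHEME://"
      # NOTE: the exit status of curl and jq is masked by the trailing while loop
      # (a pipeline reports its last command); a failed listing is only visible
      # as jq's halt_error message on stderr, the loop then idles until next pass.
      curl -sL http://localhost:8087/list/object/items | \
      jq -c \
        --arg scheme "${SCHEME}" \
      '
      # str -> {uri: str, path: str[], scheme: str?, auth: str?, domain: str?, port: int?, query: str?, fragment: str?}
      def uriparse:
        . as $input
        # capture the url elements
        | capture("^((?<scheme>[^:/?#]+):)?(//(((?<auth>[^@]*)@)?(?<domain>[^/?#:]*)(:(?<port>[0-9]*))?))?(?<path>[^?#]*)?([?](?<query>[^#]*))?(#(?<fragment>.*))?")
        # remove nulls
        | del(.[] | nulls)
        # split query params
        | if .query then .query |= ((split("&") | .[] |= (split("=") | {(.[0]): (.[1] // "")})) | add) else . end
        # split path elements and drop the leading ""
        | if .path then .path |= (ltrimstr("/") | split("/")) else . end
        | .port |= tonumber?
        | .uri = $input;

      # number of elements of the input array equal to elt
      def count(elt): [.[] | select(. == elt)] | length;
      # {value: occurrences} for every distinct element of the input array
      def counts: . as $in | unique | map(. as $elt | {"\($elt)": $in | count($elt)}) | add;
      # elements that occur more than once
      def repeats: counts | [to_entries[] | select(.value > 1) .key];
      # stop the whole program (exit 77) with msg on stderr when what is false
      def assert(what; msg): if what then . else (msg | halt_error(77)) end;

      .
      | assert(.success == true; "listing objects in vault failed.")
      | assert(.data.object == "list"; "object list is not a list?")
      # One {src: item, dest: parsed-uri} pair per URI of the form
      # <scheme>://<namespace>/<name>.  The scheme/path filter is applied to each
      # URI individually, so other URIs on the same item (e.g. a website login
      # URL) never reach the Secret builder with an empty namespace/name.
      | [ .data.data[]
        | . as $input
        | select(.login.uris | length > 0)
        | (.login.uris // [])[] |= (.uri | uriparse)
        | .login.uris[]
        | select(.scheme == $scheme and (.path | length) == 2)
        | {"src": $input, "dest": .}
      ] | unique
      # two items pointing at the same namespace/name would fight over one Secret
      | ([.[].dest.uri] | repeats) as $dups
      | assert($dups | length == 0; "dups found for destinations: \($dups)")
      | .[]
      | .src as $src
      | .dest as $dest
      # Annotations are object metadata, not secret data: they are shown by
      # "kubectl describe", recorded in audit logs and surfaced by dashboards.
      # Copying the item notes here exposes them to everyone who can read metadata.
      | {
          "namespace": .dest.path[0],
          "name": .dest.path[1],
          "annotations": {
            "app.kubernetes.io/managed-by": "warden-operator.kn8v.com",
            "warden-operator.kn8v.com/source-uid": $src.id,
            "warden-operator.kn8v.com/source-organizationId": $src.organizationId,
            "warden-operator.kn8v.com/source-revisionDate": $src.revisionDate,
            "warden-operator.kn8v.com/source-creationDate": $src.creationDate,
            "warden-operator.kn8v.com/source-name": $src.name,
            "warden-operator.kn8v.com/source-notes": $src.notes,
            "warden-operator.kn8v.com/source-passwordRevisionDate": $src.passwordRevisionDate,
            "warden-operator.kn8v.com/source-folderId": $src.folderId
          }
        } as $metadata
      | . = {}
      # custom fields become Secret keys; linked fields (type 3) are resolved to
      # the login username (linkedId 100) or the login password (linkedId 101)
      | .fields = if $src.fields == null then {} else [$src.fields[] |
          if .type == 3 and .linkedId == 100 then {(.name): $src.login.username} else
          if .type == 3 and .linkedId == 101 then {(.name): $src.login.password} else
          {(.name): .value}
          end end
        ] | add end
      | assert(.fields.username == null and .fields.password == null; "username and password may not be present as additional fields")
      | .fields.username = $src.login.username
      | .fields.password = $src.login.password
      | del(.fields[] | nulls)
      | {
          "apiVersion": "v1",
          "kind": "Secret",
          "metadata": $metadata,
          "stringData": .fields
        }
      ' | while read -r SEC; do
        # printf, not echo: the compact JSON carries backslash escapes (\n, \", \\)
        # and the echo builtin of dash rewrites them, producing invalid JSON.
        TARGET=$(printf '%s\n' "$SEC" | jq -r '"\(.metadata.namespace)/\(.metadata.name)"')
        echo "syncing $TARGET"
        if [ "$DRYRUN" != no ]; then
          # dry-run prints the complete Secret, password included, to stdout
          echo "DRY-RUN MODE"
          printf '%s\n' "$SEC"
          echo "| kubectl apply --server-side=true --field-manager=\"warden-operator.kn8v.com\" $EXTRAFLAGS -f -"
        else
          # EXTRAFLAGS is intentionally unquoted so it can carry several flags
          printf '%s\n' "$SEC" | kubectl apply --server-side=true --field-manager="warden-operator.kn8v.com" $EXTRAFLAGS -f - \
            || 1>&2 echo "failed to apply $TARGET!"
        fi
      done
      echo "done with sync"
      sleep "${SYNC_INTERVAL-60}"
    done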