
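#!/bin/sh
# warden-operator-sync
#
# Periodically mirrors vault login items, served by the local vault API on
# :8087, into Kubernetes Secrets.  A login item is a target when one of its
# URIs has the form <SCHEME>://<namespace>/<name>; its username, password and
# custom fields become the Secret's stringData, and the item's metadata is
# recorded as annotations on the Secret.
#
# Environment:
#   SCHEME             URI scheme that marks a vault item as a target (default: k8s)
#   DRYRUN             anything but "no" prints the manifests instead of applying
#                      them (the printed manifests CONTAIN THE SECRET VALUES)
#   OVERRIDE_OWNERSHIP yes|true|1 adds --force-conflicts to the server-side apply
#   SYNC_INTERVAL      seconds between sync rounds (default: 60)
#   VAULT_API          base URL of the vault listing API (default: http://localhost:8087)
#
# Trust boundary: the destination namespace and name are taken verbatim from
# the vault item's URI, so anyone who can edit the items this API serves can
# choose where a Secret lands, bounded only by this operator's RBAC.  Scope the
# operator's ServiceAccount to the namespaces it is meant to manage.
#
# NOTE: xtrace (set -x) is deliberately NOT enabled.  Every manifest that flows
# through this script carries the vault passwords in stringData, and xtrace
# would print each one to stderr (i.e. the pod log).
set -eu

: "${SCHEME:=k8s}"
: "${DRYRUN:=no}"
: "${SYNC_INTERVAL:=60}"
: "${VAULT_API:=http://localhost:8087}"
# Used both as the server-side-apply field manager and as the managed-by annotation.
FIELD_MANAGER="warden-operator.kn8v.com"

# Extra kubectl flags, intentionally word-split when expanded.
EXTRAFLAGS=""
case "${OVERRIDE_OWNERSHIP-}" in
  yes|true|1) EXTRAFLAGS="--force-conflicts" ;;
esac

#######################################
# Print the raw vault listing JSON to stdout.
# Returns: non-zero (via curl -f) when the API is unreachable or answers
#          with an HTTP error, so the caller can skip the round instead of
#          silently syncing nothing.
#######################################
fetch_listing() {
  curl -fsSL "${VAULT_API}/list/object/items"
}

#######################################
# Turn a vault listing (stdin) into Kubernetes Secret manifests (stdout),
# one compact JSON object per line.
# Globals:  SCHEME, FIELD_MANAGER (read)
# Returns:  jq's status; a failed assertion exits 77 with a message on stderr
#           and produces no manifests at all, so a bad listing is never
#           half-applied.
#######################################
render_manifests() {
  jq -c \
    --arg scheme "${SCHEME}" \
    --arg manager "${FIELD_MANAGER}" \
    '
    # str -> {uri: str, path: str[], scheme: str?, auth: str?, domain: str?, port: int?, query: str?, fragment: str?}
    def uriparse:
      . as $input
      # split the URI into its components
      | capture("^((?<scheme>[^:/?#]+):)?(//(((?<auth>[^@]*)@)?(?<domain>[^/?#:]*)(:(?<port>[0-9]*))?))?(?<path>[^?#]*)?([?](?<query>[^#]*))?(#(?<fragment>.*))?")
      # drop the components that did not match
      | del(.[] | nulls)
      # "a=1&b" -> {"a": "1", "b": ""}
      | if .query then .query |= ((split("&") | .[] |= (split("=") | {(.[0]): (.[1] // "")})) | add) else . end
      # "/ns/name" -> ["ns", "name"]
      | if .path then .path |= (ltrimstr("/") | split("/")) else . end
      | .port |= tonumber?
      | .uri = $input;
    def count(elt): [.[] | select(. == elt)] | length;
    # "// {}" keeps an empty input from turning into null, which would make
    # to_entries (in repeats) fail on a vault with no matching items.
    def counts: . as $in | unique | map(. as $elt | {"\($elt)": $in | count($elt)}) | add // {};
    def repeats: counts | [to_entries[] | select(.value > 1) .key];
    # abort the whole render (exit 77) rather than emit a partial or wrong set
    def assert(what; msg): if what then . else (msg | halt_error(77)) end;
    .
    | assert(.success == true; "listing objects in vault failed.")
    | assert(.data.object == "list"; "object list is not a list?")
    | [ .data.data[]
        | . as $input
        | select(.login.uris | length > 0)
        | (.login.uris // [])[] |= (.uri | uriparse)
        # One candidate per URI.  The filter must sit on the URI, not on the
        # item: an item with a k8s:// URI and an https:// one must only yield
        # the k8s:// destination.  Both path elements must be non-empty so
        # "k8s://ns/" cannot become a Secret with an empty name.
        | .login.uris[]
        | select(.scheme == $scheme and (.path | length) == 2 and all(.path[]; length > 0))
        | {"src": $input, "dest": .}
      ] | unique
    | ([.[].dest.uri] | repeats) as $dups
    | assert($dups | length == 0; "dups found for destinations: \($dups)")
    | .[]
    | .src as $src
    | .dest as $dest
    | {
        "namespace": $dest.path[0],
        "name": $dest.path[1],
        # Annotation values must be strings; source fields that are unset are
        # dropped instead of being sent as null.
        # NOTE(review): source-notes copies the vault item notes, which often
        # hold sensitive text, into Secret metadata (visible in describe
        # output and audit logs even where data is redacted) -- confirm this
        # is wanted.
        "annotations": ({
          "app.kubernetes.io/managed-by": $manager,
          "warden-operator.kn8v.com/source-uid": $src.id,
          "warden-operator.kn8v.com/source-organizationId": $src.organizationId,
          "warden-operator.kn8v.com/source-revisionDate": $src.revisionDate,
          "warden-operator.kn8v.com/source-creationDate": $src.creationDate,
          "warden-operator.kn8v.com/source-name": $src.name,
          "warden-operator.kn8v.com/source-notes": $src.notes,
          "warden-operator.kn8v.com/source-passwordRevisionDate": $src.passwordRevisionDate,
          "warden-operator.kn8v.com/source-folderId": $src.folderId
        } | with_entries(select(.value != null)))
      } as $metadata
    # Custom fields become stringData keys.  Linked fields (type 3) resolve
    # to the login username (linkedId 100) or password (linkedId 101);
    # nameless fields cannot be keys and are skipped.
    | ([ ($src.fields // [])[]
         | select(.name != null)
         | if .type == 3 and .linkedId == 100 then {(.name): $src.login.username}
           elif .type == 3 and .linkedId == 101 then {(.name): $src.login.password}
           else {(.name): .value}
           end
       ] | add // {}) as $fields
    | assert($fields.username == null and $fields.password == null; "username and password may not be present as additional fields")
    | {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": $metadata,
        "stringData": ($fields + {"username": $src.login.username, "password": $src.login.password} | del(.[] | nulls))
      }
    '
}

#######################################
# Apply one Secret manifest via server-side apply, or print it in dry-run mode.
# Globals:    DRYRUN, FIELD_MANAGER, EXTRAFLAGS (read)
# Arguments:  $1 - the manifest as a single-line JSON string
# Returns:    kubectl's status (0 in dry-run mode)
#######################################
apply_manifest() {
  manifest=$1
  printf '%s\n' "$manifest" | jq -r '"syncing \(.metadata.namespace)/\(.metadata.name)"'
  if [ "$DRYRUN" != no ]; then
    echo "DRY-RUN MODE"
    printf '%s\n' "$manifest"
    echo "| kubectl apply --server-side=true --field-manager=\"$FIELD_MANAGER\" $EXTRAFLAGS -f -"
    return 0
  fi
  # shellcheck disable=SC2086 -- EXTRAFLAGS is an intentionally word-split flag list
  printf '%s\n' "$manifest" | kubectl apply --server-side=true --field-manager="$FIELD_MANAGER" $EXTRAFLAGS -f -
}

#######################################
# Run one sync round: fetch, render, apply every manifest.
# Returns: 0 when every manifest applied; 1 when the listing could not be
#          fetched or rendered, or when at least one apply failed.  A failed
#          manifest does not stop the others (best effort, as before).
#######################################
sync_once() {
  echo "starting sync of $SCHEME://"
  if ! listing=$(fetch_listing); then
    echo "failed to fetch vault listing from $VAULT_API; skipping this round" >&2
    return 1
  fi
  if ! manifests=$(printf '%s\n' "$listing" | render_manifests); then
    echo "failed to render manifests; skipping this round" >&2
    return 1
  fi
  # The loop runs in the pipeline's subshell, so the failure count is
  # reported from inside it and surfaced through the group's exit status.
  printf '%s\n' "$manifests" | {
    failed=0
    while IFS= read -r manifest; do
      [ -n "$manifest" ] || continue
      if ! apply_manifest "$manifest"; then
        failed=$((failed + 1))
        echo "failed to apply!" >&2
      fi
    done
    if [ "$failed" -gt 0 ]; then
      echo "$failed manifest(s) failed to apply" >&2
    fi
    echo "done with sync"
    [ "$failed" -eq 0 ]
  }
}

# A failed round is logged and retried on the next interval, never fatal.
while true; do
  sync_once || true
  sleep "$SYNC_INTERVAL"
done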