Upgrade operator sdk + a few fixes #8
Conversation
Namespace is handled by helm and should not be hardcoded
Use of lpass status to validate re-login and disabling logout command
Remove unneeded id from secretName
echo | docker login -u paullaffitte Error: Cannot perform an interactive login from a non TTY device
Upgrade/operator sdk
| if err != nil || "" == string(out) { | ||
| // sometimes returns error: "Error: HTTP response code said error" even if the credentials are valid | ||
| return fmt.Errorf("verify credentials, unable to login: %s", err) | ||
| _, err := sh.Command("lpass", "status").Output() |
There was a problem hiding this comment.
out of curiosity, any performance issues for doing this i.e. skipping the logout?
There was a problem hiding this comment.
Hi, i didn't spot any performance issues, but in our use-case, we need to sync hundreds of secrets, with the logout activated, we get banned from Lastpass.
We didn't try to Log in at each secret synchronisation, but we'll probably get banned too from Lastpass.
pkg/lastpass/cli.go
Outdated
| } | ||
| log.Printf("Succesfully logged in") | ||
| return nil | ||
| } | ||
|
|
||
| // Logout using lastpass-cli | ||
| func Logout() { | ||
| // lpass logout --force |
There was a problem hiding this comment.
i would probably keep the implementation and comment lastpass.Logout() in here - No point in keeping the method around otherwise
There was a problem hiding this comment.
I think it will be ok π Thanks
| MetricsBindAddress: metricsAddr, | ||
| Port: 9443, | ||
| LeaderElection: enableLeaderElection, | ||
| LeaderElectionID: "e9330328.edgelevel.com", |
There was a problem hiding this comment.
This part of the code was generated by Operator SDK, it's just a random ID to ensure it's unique I guess.
| []Reporter{printer.NewlineReporter{}}) | ||
| } | ||
|
|
||
| // var _ = BeforeSuite(func(done Done) { |
There was a problem hiding this comment.
were these tests auto-generated?
There was a problem hiding this comment.
Yes, they were
| return &corev1.Secret{ | ||
| ObjectMeta: metav1.ObjectMeta{ | ||
| Name: cr.Name + "-" + secret.ID, | ||
| Name: secretName.String(), |
There was a problem hiding this comment.
i haven't used it in a while, just wondering about potential regressions, do you have an example of how it was looking before cr.Name + "-" + secret.ID compared to now?
There was a problem hiding this comment.
I think I remembered why I did this, would there be any potential issues with secret conflicts? See example in the readme example-lastpass-8190226423897406876
There was a problem hiding this comment.
The secretName variable comes from a go template. The default template used to generate the secret name is the following one {{.LastPass.ObjectMeta.Name}}-{{.LastPassSecret.ID}}, so it replicate the old behavior and should not introduce any breaking change. After this change I get by default names like the following lp-cred1-7726733720672245904.
| imagePullPolicy: Always | ||
| {{- if ne .Values.secretNameTemplate "" }} | ||
| args: | ||
| - --secret-name-template={{ .Values.secretNameTemplate }} |
There was a problem hiding this comment.
This is the go template I talked about above. The default one is {{.LastPass.ObjectMeta.Name}}-{{.LastPassSecret.ID}} in order to avoid breaking changes. Setting the secretNameTemplate value in helm chart allows to override this value.
|
@paullaffitte I'm really grateful for the help here! Amazing work, thanks! A couple of things
Thanks again for contributing to the project! I'll wait for your feedback in the comments and then I'll merge the PR |
|
You're welcome, it's always a pleasure to help open-source projects π We tried our best to answer your above questions. And to answer your last message:
|
|
Hi, I haven't installed go and operator-sdk in a while, I'm updating the doc and I was trying to build your repo/branch first and I realized that there were some simple issues to fix in the makefile e.g. replace go get with Was there any concern in bumping to the latest operator-sdk version, i.e. The main reason for asking this is because I need to fix the CI and install the right version of the operator etc., that's all! |
|
Hi, the makefile was generated by operator-sdk, what is the issue with Concerning operator-sdk version, we upgraded it for some reasons, and we just had no reason to upgrade to the latest version, so to save time I stopped at the first version meeting our requirements. But I think it's completely fine to bump the version until the latest one. Our reasons were the following:
Why we wanted to upgrade to at least v1.0.0 One of our goals where to be able to upgrade easily the operator in the future.
Now that all of this is done, the remaining upgrades should be easier and faster than the previous ones. |
|
Thanks for all the details, that was very helpful! I'll let you know when I release the image with your changes π |
This PR contains work from various PR from our fork at Enix. Here is a changelog:
lpass statusto validate re-login and disable logout command π οΈ