From 1590dd9b89c26d98581f7982b062378eda339f40 Mon Sep 17 00:00:00 2001 From: jillianwilson Date: Mon, 6 Sep 2021 14:23:59 -0300 Subject: [PATCH] Updating path for fetching 1password items to be of the op:// reference format --- README.md | 12 +-- cmd/manager/main.go | 3 +- .../onepassword.com_onepassworditems_crd.yaml | 2 +- ...onepassword.com_v1_onepassworditem_cr.yaml | 2 +- deploy/operator.yaml | 1 + .../onepassword/v1/onepasswordsecret_types.go | 2 +- .../deployment/deployment_controller.go | 4 +- .../deployment/deployment_controller_test.go | 34 +++---- .../onepassworditem_controller.go | 3 +- .../onepassworditem/onepassworditem_test.go | 14 +-- .../kubernetes_secrets_builder.go | 6 +- .../kubernetes_secrets_builder_test.go | 21 +---- pkg/onepassword/annotations.go | 2 +- pkg/onepassword/annotations_test.go | 6 +- pkg/onepassword/items.go | 33 +++++-- pkg/onepassword/secret_update_handler.go | 6 +- pkg/onepassword/secret_update_handler_test.go | 94 +++++++++---------- 17 files changed, 129 insertions(+), 116 deletions(-) diff --git a/README.md b/README.md index ca2e7d3d..5cb78b44 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes with 1Password. This Operator manages `OnePasswordItem` Custom Resource Definitions (CRDs) that define the location of an Item stored in 1Password. The `OnePasswordItem` CRD, when created, will be used to compose a Kubernetes Secret containing the contents of the specified item. -The 1Password Connect Kubernetes Operator also allows for Kubernetes Secrets to be composed from a 1Password Item through annotation of an Item Path on a deployment. +The 1Password Connect Kubernetes Operator also allows for Kubernetes Secrets to be composed from a 1Password Item through annotation of an Item Reference on a deployment. The 1Password Connect Kubernetes Operator will continually check for updates from 1Password for any Kubernetes Secret that it has generated. If a Kubernetes Secret is updated, any Deployment using that secret can be automatically restarted. @@ -106,7 +106,7 @@ kind: OnePasswordItem metadata: name: #this name will also be used for naming the generated kubernetes secret spec: - itemPath: "vaults//items/" + itemReference: "op:///" ``` Deploy the OnePasswordItem to Kubernetes: 
@@ -131,20 +131,20 @@ kind: Deployment metadata: name: deployment-example annotations: - operator.1password.io/item-path: "vaults//items/" + operator.1password.io/item-reference: "op:///" operator.1password.io/item-name: "" ``` -Applying this yaml file will create a Kubernetes Secret with the name `` and contents from the location specified at the specified Item Path. +Applying this yaml file will create a Kubernetes Secret with the name `` and contents from the location specified at the specified Item Reference. -Note: Deleting the Deployment that you've created will automatically delete the created Kubernetes Secret only if the deployment is still annotated with `operator.1password.io/item-path` and `operator.1password.io/item-name` and no other deployment is using the secret. +Note: Deleting the Deployment that you've created will automatically delete the created Kubernetes Secret only if the deployment is still annotated with `operator.1password.io/item-reference` and `operator.1password.io/item-name` and no other deployment is using the secret. If a 1Password Item that is linked to a Kubernetes Secret is updated within the POLLING_INTERVAL the associated Kubernetes Secret will be updated. However, if you do not want a specific secret to be updated you can add the tag `operator.1password.io:ignore-secret` to the item stored in 1Password. While this tag is in place, any updates made to an item will not trigger an update to the associated secret in Kubernetes. --- **NOTE** -If multiple 1Password vaults/items have the same `title` when using a title in the access path, the desired action will be performed on the oldest vault/item. +If multiple 1Password vaults/items have the same `title` when using a title in the access reference, the desired action will be performed on the oldest vault/item. 
Titles and field names that include white space and other characters that are not a valid [DNS subdomain name](https://kubernetes.io/docs/concepts/configuration/secret/) will create Kubernetes secrets that have titles and fields in the following format: - Invalid characters before the first alphanumeric character and after the last alphanumeric character will be removed diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 2d7904cc..77fb5cb3 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -178,7 +178,8 @@ func main() { ticker.Stop() return case <-ticker.C: - updatedSecretsPoller.UpdateKubernetesSecretsTask() + err := updatedSecretsPoller.UpdateKubernetesSecretsTask() + log.Error(err, "Error occured during update secret task") } } }() diff --git a/deploy/crds/onepassword.com_onepassworditems_crd.yaml b/deploy/crds/onepassword.com_onepassworditems_crd.yaml index 3a219186..e8a7c7f6 100644 --- a/deploy/crds/onepassword.com_onepassworditems_crd.yaml +++ b/deploy/crds/onepassword.com_onepassworditems_crd.yaml @@ -33,7 +33,7 @@ spec: spec: description: OnePasswordItemSpec defines the desired state of OnePasswordItem properties: - itemPath: + itemReference: type: string type: object status: diff --git a/deploy/crds/onepassword.com_v1_onepassworditem_cr.yaml b/deploy/crds/onepassword.com_v1_onepassworditem_cr.yaml index 8afe8fc8..d70966d4 100644 --- a/deploy/crds/onepassword.com_v1_onepassworditem_cr.yaml +++ b/deploy/crds/onepassword.com_v1_onepassworditem_cr.yaml @@ -3,4 +3,4 @@ kind: OnePasswordItem metadata: name: example spec: - itemPath: "vaults//items/" + itemReference: "op:///" diff --git a/deploy/operator.yaml b/deploy/operator.yaml index f00aaf43..ee09fdff 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -16,6 +16,7 @@ spec: containers: - name: onepassword-connect-operator image: 1password/onepassword-operator + imagePullPolicy: Never command: ["/manager"] env: - name: WATCH_NAMESPACE 
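Review bot: In the `case <-ticker.C:` branch of main(), `log.Error(err, ...)` runs on every tick, even when `UpdateKubernetesSecretsTask()` returns nil. The operator log then gets an error entry for each successful poll, which makes a real sync failure hard to spot or alert on. Guard the call: `if err := updatedSecretsPoller.UpdateKubernetesSecretsTask(); err != nil { log.Error(err, "error during update secret task") }`. The current message also misspells "occurred". main() starts and ends outside this hunk.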
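Review bot: `imagePullPolicy: Never` on the `onepassword-connect-operator` container in deploy/operator.yaml looks like a local-development setting that slipped into the shipped manifest (inferred; the commit message does not mention it). With it the kubelet never contacts the registry, so the pod cannot start on a node with no cached copy, and on a node that has one it runs whatever is stored locally under that name. The image reference `1password/onepassword-operator` also has no tag or digest. I would drop the line or use `imagePullPolicy: IfNotPresent` with a pinned reference such as `image: 1password/onepassword-operator:<version>` (placeholder), keeping `Never` in a dev-only overlay.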
diff --git a/pkg/apis/onepassword/v1/onepasswordsecret_types.go b/pkg/apis/onepassword/v1/onepasswordsecret_types.go index 79185393..bd69061f 100644 --- a/pkg/apis/onepassword/v1/onepasswordsecret_types.go +++ b/pkg/apis/onepassword/v1/onepasswordsecret_types.go @@ -8,7 +8,7 @@ import ( // OnePasswordItemSpec defines the desired state of OnePasswordItem type OnePasswordItemSpec struct { - ItemPath string `json:"itemPath,omitempty"` + ItemReference string `json:"itemReference,omitempty"` } // OnePasswordItemStatus defines the observed state of OnePasswordItem diff --git a/pkg/controller/deployment/deployment_controller.go b/pkg/controller/deployment/deployment_controller.go index 93ff956f..d9d32dd3 100644 --- a/pkg/controller/deployment/deployment_controller.go +++ b/pkg/controller/deployment/deployment_controller.go @@ -192,11 +192,11 @@ func (r *ReconcileDeployment) HandleApplyingDeployment(namespace string, annotat secretName := annotations[op.NameAnnotation] if len(secretName) == 0 { - reqLog.Info("No 'item-name' annotation set. 'item-path' and 'item-name' must be set as annotations to add new secret.") + reqLog.Info("No 'item-name' annotation set. 'item-reference' and 'item-name' must be set as annotations to add new secret.") return nil } - item, err := op.GetOnePasswordItemByPath(r.opConnectClient, annotations[op.ItemPathAnnotation]) + item, err := op.GetOnePasswordItemByReference(r.opConnectClient, annotations[op.ItemReferenceAnnotation]) if err != nil { return fmt.Errorf("Failed to retrieve item: %v", err) } diff --git a/pkg/controller/deployment/deployment_controller_test.go b/pkg/controller/deployment/deployment_controller_test.go index d4b99d29..4c27bd3e 100644 --- a/pkg/controller/deployment/deployment_controller_test.go +++ b/pkg/controller/deployment/deployment_controller_test.go 
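Review bot: Renaming `ItemPath` to `ItemReference` (JSON key `itemPath` to `itemReference`) in `OnePasswordItemSpec` changes the existing `v1` schema in place, and nothing in the visible hunks still reads the old field. OnePasswordItem resources already stored with `spec.itemPath` would presumably decode with an empty `ItemReference` and then fail in `GetOnePasswordItemByReference` on the `op://` prefix check. The same applies to Deployments still annotated `operator.1password.io/item-path` in the deployment_controller.go hunk, and to the CRD schema under deploy/crds. Consider keeping a deprecated `ItemPath` field for a transition period and translating it when `ItemReference` is empty, or calling out the breaking change in the release notes.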
@@ -52,7 +52,7 @@ var ( "password": []byte(password), "username": []byte(username), } - itemPath = fmt.Sprintf("vaults/%v/items/%v", vaultId, itemId) + ItemReference = fmt.Sprintf("op://%v/%v", vaultId, itemId) ) var ( @@ -76,8 +76,8 @@ var tests = []testReconcileItem{ finalizer, }, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, - op.NameAnnotation: name, + op.ItemReferenceAnnotation: ItemReference, + op.NameAnnotation: name, }, }, }, @@ -90,8 +90,8 @@ var tests = []testReconcileItem{ Name: "another-deployment", Namespace: namespace, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, - op.NameAnnotation: name, + op.ItemReferenceAnnotation: ItemReference, + op.NameAnnotation: name, }, }, Spec: appsv1.DeploymentSpec{ @@ -152,8 +152,8 @@ var tests = []testReconcileItem{ finalizer, }, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, - op.NameAnnotation: name, + op.ItemReferenceAnnotation: ItemReference, + op.NameAnnotation: name, }, }, }, @@ -166,8 +166,8 @@ var tests = []testReconcileItem{ Name: "another-deployment", Namespace: namespace, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, - op.NameAnnotation: name, + op.ItemReferenceAnnotation: ItemReference, + op.NameAnnotation: name, }, }, Spec: appsv1.DeploymentSpec{ @@ -235,8 +235,8 @@ var tests = []testReconcileItem{ finalizer, }, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, - op.NameAnnotation: name, + op.ItemReferenceAnnotation: ItemReference, + op.NameAnnotation: name, }, }, }, @@ -268,8 +268,8 @@ var tests = []testReconcileItem{ Name: name, Namespace: namespace, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, - op.NameAnnotation: name, + op.ItemReferenceAnnotation: ItemReference, + op.NameAnnotation: name, }, }, }, 
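Review bot: The package-level test variable in deployment_controller_test.go is now spelled `ItemReference`, with an exported-style capital, where it replaced the unexported `itemPath`. The sibling test files in this patch use `itemReference`. I would rename it to `itemReference = fmt.Sprintf("op://%v/%v", vaultId, itemId)` and update the annotation maps to match.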
@@ -310,8 +310,8 @@ var tests = []testReconcileItem{ Name: name, Namespace: namespace, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, - op.NameAnnotation: name, + op.ItemReferenceAnnotation: ItemReference, + op.NameAnnotation: name, }, }, }, @@ -352,8 +352,8 @@ var tests = []testReconcileItem{ Name: name, Namespace: namespace, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, - op.NameAnnotation: name, + op.ItemReferenceAnnotation: ItemReference, + op.NameAnnotation: name, }, }, }, diff --git a/pkg/controller/onepassworditem/onepassworditem_controller.go b/pkg/controller/onepassworditem/onepassworditem_controller.go index c5cf8996..40326c0a 100644 --- a/pkg/controller/onepassworditem/onepassworditem_controller.go +++ b/pkg/controller/onepassworditem/onepassworditem_controller.go @@ -3,6 +3,7 @@ package onepassworditem import ( "context" "fmt" + onepasswordv1 "github.com/1Password/onepassword-operator/pkg/apis/onepassword/v1" kubeSecrets "github.com/1Password/onepassword-operator/pkg/kubernetessecrets" "github.com/1Password/onepassword-operator/pkg/onepassword" @@ -145,7 +146,7 @@ func (r *ReconcileOnePasswordItem) HandleOnePasswordItem(resource *onepasswordv1 secretName := resource.GetName() autoRestart := resource.Annotations[op.RestartDeploymentsAnnotation] - item, err := onepassword.GetOnePasswordItemByPath(r.opConnectClient, resource.Spec.ItemPath) + item, err := onepassword.GetOnePasswordItemByReference(r.opConnectClient, resource.Spec.ItemReference) if err != nil { return fmt.Errorf("Failed to retrieve item: %v", err) } diff --git a/pkg/controller/onepassworditem/onepassworditem_test.go b/pkg/controller/onepassworditem/onepassworditem_test.go index 09d5b3b9..57195aad 100644 --- a/pkg/controller/onepassworditem/onepassworditem_test.go +++ b/pkg/controller/onepassworditem/onepassworditem_test.go 
@@ -55,7 +55,7 @@ var ( "password": []byte(password), "username": []byte(username), } - itemPath = fmt.Sprintf("vaults/%v/items/%v", vaultId, itemId) + itemReference = fmt.Sprintf("op://%v/%v", vaultId, itemId) ) var ( @@ -79,7 +79,7 @@ var tests = []testReconcileItem{ }, }, Spec: onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemReference: itemReference, }, }, existingSecret: &corev1.Secret{ @@ -111,7 +111,7 @@ var tests = []testReconcileItem{ Namespace: namespace, }, Spec: onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemReference: itemReference, }, }, existingSecret: &corev1.Secret{ @@ -152,7 +152,7 @@ var tests = []testReconcileItem{ Namespace: namespace, }, Spec: onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemReference: itemReference, }, }, existingSecret: &corev1.Secret{ @@ -193,7 +193,7 @@ var tests = []testReconcileItem{ Namespace: namespace, }, Spec: onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemReference: itemReference, }, }, existingSecret: nil, @@ -225,7 +225,7 @@ var tests = []testReconcileItem{ Namespace: namespace, }, Spec: onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemReference: itemReference, }, }, existingSecret: nil, @@ -257,7 +257,7 @@ var tests = []testReconcileItem{ Namespace: namespace, }, Spec: onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemReference: itemReference, }, }, existingSecret: nil, diff --git a/pkg/kubernetessecrets/kubernetes_secrets_builder.go b/pkg/kubernetessecrets/kubernetes_secrets_builder.go index fba54fba..ffbf2d1b 100644 --- a/pkg/kubernetessecrets/kubernetes_secrets_builder.go +++ b/pkg/kubernetessecrets/kubernetes_secrets_builder.go 
@@ -23,7 +23,7 @@ const OnepasswordPrefix = "operator.1password.io" const NameAnnotation = OnepasswordPrefix + "/item-name" const VersionAnnotation = OnepasswordPrefix + "/item-version" const restartAnnotation = OnepasswordPrefix + "/last-restarted" -const ItemPathAnnotation = OnepasswordPrefix + "/item-path" +const ItemReferenceAnnotation = OnepasswordPrefix + "/item-reference" const RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto-restart" var log = logf.Log @@ -32,8 +32,8 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa itemVersion := fmt.Sprint(item.Version) annotations := map[string]string{ - VersionAnnotation: itemVersion, - ItemPathAnnotation: fmt.Sprintf("vaults/%v/items/%v", item.Vault.ID, item.ID), + VersionAnnotation: itemVersion, + ItemReferenceAnnotation: fmt.Sprintf("op://%v/%v", item.Vault.ID, item.ID), } if autoRestart != "" { _, err := utils.StringToBool(autoRestart) diff --git a/pkg/kubernetessecrets/kubernetes_secrets_builder_test.go b/pkg/kubernetessecrets/kubernetes_secrets_builder_test.go index 3c9484d0..0c79b385 100644 --- a/pkg/kubernetessecrets/kubernetes_secrets_builder_test.go +++ b/pkg/kubernetessecrets/kubernetes_secrets_builder_test.go @@ -3,10 +3,11 @@ package kubernetessecrets import ( "context" "fmt" - kubeValidate "k8s.io/apimachinery/pkg/util/validation" "strings" "testing" + kubeValidate "k8s.io/apimachinery/pkg/util/validation" + "github.com/1Password/connect-sdk-go/onepassword" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" @@ -42,7 +43,7 @@ func TestCreateKubernetesSecretFromOnePasswordItem(t *testing.T) { t.Errorf("Secret was not created: %v", err) } compareFields(item.Fields, createdSecret.Data, t) - compareAnnotationsToItem(createdSecret.Annotations, item, t) + compareAnnotationsToItem(item.Vault.ID, item.ID, createdSecret.Annotations, item, t) } func TestUpdateKubernetesSecretFromOnePasswordItem(t *testing.T) { 
@@ -78,7 +79,7 @@ func TestUpdateKubernetesSecretFromOnePasswordItem(t *testing.T) { t.Errorf("Secret was not found: %v", err) } compareFields(newItem.Fields, updatedSecret.Data, t) - compareAnnotationsToItem(updatedSecret.Annotations, newItem, t) + compareAnnotationsToItem(newItem.Vault.ID, newItem.ID, updatedSecret.Annotations, newItem, t) } func TestBuildKubernetesSecretData(t *testing.T) { fields := generateFields(5) @@ -152,11 +153,7 @@ func TestBuildKubernetesSecretFixesInvalidLabels(t *testing.T) { } } -func compareAnnotationsToItem(annotations map[string]string, item onepassword.Item, t *testing.T) { - actualVaultId, actualItemId, err := ParseVaultIdAndItemIdFromPath(annotations[ItemPathAnnotation]) - if err != nil { - t.Errorf("Was unable to parse Item Path") - } +func compareAnnotationsToItem(actualVaultId, actualItemId string, annotations map[string]string, item onepassword.Item, t *testing.T) { if actualVaultId != item.Vault.ID { t.Errorf("Expected annotation vault id to be %v but was %v", item.Vault.ID, actualVaultId) } @@ -196,14 +193,6 @@ func generateFields(numToGenerate int) []*onepassword.ItemField { return fields } -func ParseVaultIdAndItemIdFromPath(path string) (string, string, error) { - splitPath := strings.Split(path, "/") - if len(splitPath) == 4 && splitPath[0] == "vaults" && splitPath[2] == "items" { - return splitPath[1], splitPath[3], nil - } - return "", "", fmt.Errorf("%q is not an acceptable path for One Password item. Must be of the format: `vaults/{vault_id}/items/{item_id}`", path) -} - func validLabel(v string) bool { if err := kubeValidate.IsDNS1123Subdomain(v); len(err) > 0 { return false diff --git a/pkg/onepassword/annotations.go b/pkg/onepassword/annotations.go index 652f6717..3ffd0d02 100644 --- a/pkg/onepassword/annotations.go +++ b/pkg/onepassword/annotations.go 
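Review bot: `compareAnnotationsToItem` no longer checks the vault and item ids stored in the annotation. Both call sites (this hunk and the one in TestCreateKubernetesSecretFromOnePasswordItem) pass `item.Vault.ID, item.ID` as the "actual" values, so `actualVaultId != item.Vault.ID` compares the item with itself and can never fail. The value `CreateKubernetesSecretFromItem` writes under `ItemReferenceAnnotation` is therefore untested, although the poller later uses it to pick the 1Password item to sync into the secret. Keep the old signature and assert on the annotation: `want := fmt.Sprintf("op://%v/%v", item.Vault.ID, item.ID)` followed by `if annotations[ItemReferenceAnnotation] != want { t.Errorf("expected reference %q, got %q", want, annotations[ItemReferenceAnnotation]) }`. The rest of the helper lies outside the hunk.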
@@ -9,7 +9,7 @@ import ( const ( OnepasswordPrefix = "operator.1password.io" - ItemPathAnnotation = OnepasswordPrefix + "/item-path" + ItemReferenceAnnotation = OnepasswordPrefix + "/item-reference" NameAnnotation = OnepasswordPrefix + "/item-name" VersionAnnotation = OnepasswordPrefix + "/item-version" RestartAnnotation = OnepasswordPrefix + "/last-restarted" diff --git a/pkg/onepassword/annotations_test.go b/pkg/onepassword/annotations_test.go index 3949f788..ba87de46 100644 --- a/pkg/onepassword/annotations_test.go +++ b/pkg/onepassword/annotations_test.go @@ -22,7 +22,7 @@ func TestFilterAnnotations(t *testing.T) { if len(filteredAnnotations) != 2 { t.Errorf("Unexpected number of filtered annotations returned. Expected 2, got %v", len(filteredAnnotations)) } - _, found := filteredAnnotations[ItemPathAnnotation] + _, found := filteredAnnotations[ItemReferenceAnnotation] if !found { t.Errorf("One Password Annotation was filtered when it should not have been") } @@ -87,7 +87,7 @@ func TestGetNoAnnotationsForDeployment(t *testing.T) { func getValidAnnotations() map[string]string { return map[string]string{ - ItemPathAnnotation: "vaults/b3e4c7fc-8bf7-4c22-b8bb-147539f10e4f/items/b3e4c7fc-8bf7-4c22-b8bb-147539f10e4f", - NameAnnotation: "secretName", + ItemReferenceAnnotation: "op://b3e4c7fc-8bf7-4c22-b8bb-147539f10e4f/b3e4c7fc-8bf7-4c22-b8bb-147539f10e4f", + NameAnnotation: "secretName", } } diff --git a/pkg/onepassword/items.go b/pkg/onepassword/items.go index 11c4914b..f3a1af47 100644 --- a/pkg/onepassword/items.go +++ b/pkg/onepassword/items.go 
@@ -11,11 +11,16 @@ import ( var logger = logf.Log.WithName("retrieve_item") -func GetOnePasswordItemByPath(opConnectClient connect.Client, path string) (*onepassword.Item, error) { - vaultValue, itemValue, err := ParseVaultAndItemFromPath(path) +const ( + secretReferencePrefix = "op://" +) + +func GetOnePasswordItemByReference(opConnectClient connect.Client, reference string) (*onepassword.Item, error) { + vaultValue, itemValue, err := ParseReference(reference) if err != nil { return nil, err } + vaultId, err := getVaultId(opConnectClient, vaultValue) if err != nil { return nil, err @@ -33,12 +38,28 @@ func GetOnePasswordItemByPath(opConnectClient connect.Client, path string) (*one return item, nil } -func ParseVaultAndItemFromPath(path string) (string, string, error) { +func ParseReference(reference string) (string, string, error) { + if !strings.HasPrefix(reference, secretReferencePrefix) { + return "", "", fmt.Errorf("secret reference should start with `op://`") + } + path := strings.TrimPrefix(reference, secretReferencePrefix) + splitPath := strings.Split(path, "/") - if len(splitPath) == 4 && splitPath[0] == "vaults" && splitPath[2] == "items" { - return splitPath[1], splitPath[3], nil + if len(splitPath) != 2 { + return "", "", fmt.Errorf("Invalid secret reference : %s. Secret references should match op:///", reference) } - return "", "", fmt.Errorf("%q is not an acceptable path for One Password item. Must be of the format: `vaults/{vault_id}/items/{item_id}`", path) + + vault := splitPath[0] + if vault == "" { + return "", "", fmt.Errorf("Invalid secret reference : %s. Vault can't be empty.", reference) + } + + item := splitPath[1] + if item == "" { + return "", "", fmt.Errorf("Invalid secret reference : %s. Item can't be empty.", reference) + } + + return vault, item, nil } func getVaultId(client connect.Client, vaultIdentifier string) (string, error) { 
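Review bot: The new `ParseReference` errors format the caller-supplied reference with `%s`, where the removed message used `%q`. That value comes from a Deployment annotation or a OnePasswordItem spec and ends up in operator logs, so quoting it keeps embedded newlines or control characters from producing misleading log lines. I would write all three as, for example, `fmt.Errorf("invalid secret reference %q: vault can't be empty", reference)`, which also matches the lowercase, unpunctuated style of the prefix error. The prefix error omits the offending value altogether and could include it the same way. `ParseReference` is exported without a doc comment; `// ParseReference splits an op:// reference into its vault and item parts; both must be non-empty.` would cover it.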
diff --git a/pkg/onepassword/secret_update_handler.go b/pkg/onepassword/secret_update_handler.go index cb1f659b..f47d56db 100644 --- a/pkg/onepassword/secret_update_handler.go +++ b/pkg/onepassword/secret_update_handler.go @@ -110,13 +110,13 @@ func (h *SecretUpdateHandler) updateKubernetesSecrets() (map[string]map[string]* for i := 0; i < len(secrets.Items); i++ { secret := secrets.Items[i] - itemPath := secret.Annotations[ItemPathAnnotation] + itemReference := secret.Annotations[ItemReferenceAnnotation] currentVersion := secret.Annotations[VersionAnnotation] - if len(itemPath) == 0 || len(currentVersion) == 0 { + if len(itemReference) == 0 || len(currentVersion) == 0 { continue } - item, err := GetOnePasswordItemByPath(h.opConnectClient, secret.Annotations[ItemPathAnnotation]) + item, err := GetOnePasswordItemByReference(h.opConnectClient, secret.Annotations[ItemReferenceAnnotation]) if err != nil { return nil, fmt.Errorf("Failed to retrieve item: %v", err) } diff --git a/pkg/onepassword/secret_update_handler_test.go b/pkg/onepassword/secret_update_handler_test.go index 269a179a..4ac33e68 100644 --- a/pkg/onepassword/secret_update_handler_test.go +++ b/pkg/onepassword/secret_update_handler_test.go @@ -51,7 +51,7 @@ var ( "password": []byte(password), "username": []byte(username), } - itemPath = fmt.Sprintf("vaults/%v/items/%v", vaultId, itemId) + itemReference = fmt.Sprintf("op://%v/%v", vaultId, itemId) ) var defaultNamespace = &corev1.Namespace{ @@ -73,8 +73,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - NameAnnotation: "unlrelated secret", - ItemPathAnnotation: itemPath, + NameAnnotation: "unlrelated secret", + ItemReferenceAnnotation: itemReference, }, }, }, 
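Review bot: In `updateKubernetesSecrets`, a secret that carries only the previous `operator.1password.io/item-path` annotation now yields an empty `itemReference` and hits `continue` without any log line. Secrets generated before this change would then quietly stop receiving updates from 1Password, including rotated credentials. I would detect the legacy key explicitly and either translate it to an `op://` reference during a transition period or log the secret's name and namespace, so operators can find and re-annotate it. The lookup below can also reuse the local: `GetOnePasswordItemByReference(h.opConnectClient, itemReference)`. The function body continues outside this hunk.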
@@ -83,8 +83,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: "old version", - ItemPathAnnotation: itemPath, + VersionAnnotation: "old version", + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -95,8 +95,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, + VersionAnnotation: fmt.Sprint(itemVersion), + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -149,8 +149,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: "old version", - ItemPathAnnotation: itemPath, + VersionAnnotation: "old version", + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -161,8 +161,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, + VersionAnnotation: fmt.Sprint(itemVersion), + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -186,8 +186,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - ItemPathAnnotation: itemPath, - NameAnnotation: name, + ItemReferenceAnnotation: itemReference, + NameAnnotation: name, }, }, }, @@ -196,8 +196,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: "old version", - ItemPathAnnotation: itemPath, + VersionAnnotation: "old version", + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, 
@@ -208,8 +208,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, + VersionAnnotation: fmt.Sprint(itemVersion), + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -255,8 +255,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: "old version", - ItemPathAnnotation: itemPath, + VersionAnnotation: "old version", + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -267,8 +267,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, + VersionAnnotation: fmt.Sprint(itemVersion), + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -292,8 +292,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - ItemPathAnnotation: itemPath, - NameAnnotation: name, + ItemReferenceAnnotation: itemReference, + NameAnnotation: name, }, }, }, @@ -302,8 +302,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, + VersionAnnotation: fmt.Sprint(itemVersion), + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -314,8 +314,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, + VersionAnnotation: fmt.Sprint(itemVersion), + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, 
@@ -369,8 +369,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: "old version", - ItemPathAnnotation: itemPath, + VersionAnnotation: "old version", + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -381,8 +381,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, + VersionAnnotation: fmt.Sprint(itemVersion), + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -439,7 +439,7 @@ var tests = []testUpdateSecretTask{ Namespace: namespace, Annotations: map[string]string{ VersionAnnotation: "old version", - ItemPathAnnotation: itemPath, + ItemReferenceAnnotation: itemReference, RestartDeploymentsAnnotation: "true", }, }, @@ -452,7 +452,7 @@ var tests = []testUpdateSecretTask{ Namespace: namespace, Annotations: map[string]string{ VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, + ItemReferenceAnnotation: itemReference, RestartDeploymentsAnnotation: "true", }, }, @@ -510,7 +510,7 @@ var tests = []testUpdateSecretTask{ Namespace: namespace, Annotations: map[string]string{ VersionAnnotation: "old version", - ItemPathAnnotation: itemPath, + ItemReferenceAnnotation: itemReference, RestartDeploymentsAnnotation: "false", }, }, @@ -523,7 +523,7 @@ var tests = []testUpdateSecretTask{ Namespace: namespace, Annotations: map[string]string{ VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, + ItemReferenceAnnotation: itemReference, RestartDeploymentsAnnotation: "false", }, }, @@ -580,8 +580,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: "old version", - ItemPathAnnotation: itemPath, + VersionAnnotation: "old version", + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, 
@@ -592,8 +592,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, + VersionAnnotation: fmt.Sprint(itemVersion), + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -657,8 +657,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: "old version", - ItemPathAnnotation: itemPath, + VersionAnnotation: "old version", + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -669,8 +669,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, + VersionAnnotation: fmt.Sprint(itemVersion), + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -730,8 +730,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: "old version", - ItemPathAnnotation: itemPath, + VersionAnnotation: "old version", + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData, @@ -742,8 +742,8 @@ var tests = []testUpdateSecretTask{ Name: name, Namespace: namespace, Annotations: map[string]string{ - VersionAnnotation: fmt.Sprint(itemVersion), - ItemPathAnnotation: itemPath, + VersionAnnotation: fmt.Sprint(itemVersion), + ItemReferenceAnnotation: itemReference, }, }, Data: expectedSecretData,