Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider adding Managed Fields metadata for created Secrets #120

Open
mstyne opened this issue Jul 8, 2022 · 2 comments
Open

Consider adding Managed Fields metadata for created Secrets #120

mstyne opened this issue Jul 8, 2022 · 2 comments
Labels
enhancement New feature or request tracked Issue is tracked in 1Password's internal ticketing system as well.

Comments

@mstyne
Copy link

mstyne commented Jul 8, 2022

Hello 1Password,

Summary

OnePasswordItem definitions automatically create a Secret object. The presence of these Secret objects are unexpected by CD tools, such as Argo CD. The CD tools will consider an application 'out of sync' due to the presence of these objects. Adding metadata to the Secret object indicating that the fields are managed by 1Password allows the CD tool to be informed that it can safely ignore the differences between the object stored in source and the object created in production.

Use cases

Having the ability to inform CD tools that a particular object is managed outside of the source control system will prevent CD tools from displaying 'false positives' about the status of a deployed application.

Proposed solution

Upon creation of a Secret object, additional metadata fields should be added to the object indicating the fields managed by 1Password (managedFields), as well as a managedFields.manager field.

Is there a workaround to accomplish this today?

I am not aware of a means to work around this issue in the context of Argo CD; it's possible other CD tools are more forgiving / flexible in this regard.

References & Prior Work

https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/
https://kubernetes.io/docs/reference/using-api/server-side-apply/#field-management

Thanks for considering this!

@kitos9112
Copy link

Same boat. My use case is slightly different but in line with @mstyne thoughts. I'm using a custom Kubernetes operator. My internal logic would be simplified quite a lot if I could add a custom attribute to the spec of a 1PasswordItem CRD and have that metadata passed over to the automatically-created secret.

@jillianwilson
Copy link
Contributor

Hi all, thanks for the feedback! I'll have this tracked internally so we can look into implementing this in the future.

@jillianwilson jillianwilson added enhancement New feature or request tracked Issue is tracked in 1Password's internal ticketing system as well. labels Aug 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request tracked Issue is tracked in 1Password's internal ticketing system as well.
Projects
None yet
Development

No branches or pull requests

3 participants