rbac fix

helm-charts/secrets-operator/Chart.yaml

@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: v0.10.2
+version: v0.10.3
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.10.2"
+appVersion: "v0.10.3"

helm-charts/secrets-operator/templates/infisicaldynamicsecret-admin-rbac.yaml

@@ -1,49 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicaldynamicsecret-admin-role
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-rules:
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicaldynamicsecrets
-  verbs:
-  - '*'
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicaldynamicsecrets/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: RoleBinding
-{{- else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicaldynamicsecret-admin-rolebinding
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  kind: Role
-  {{- else }}
-  kind: ClusterRole
-  {{- end }}
-  name: '{{ include "secrets-operator.fullname" . }}-infisicaldynamicsecret-admin-role'

helm-charts/secrets-operator/templates/infisicaldynamicsecret-editor-rbac.yaml

@@ -1,55 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicaldynamicsecret-editor-role
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-rules:
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicaldynamicsecrets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicaldynamicsecrets/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: RoleBinding
-{{- else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicaldynamicsecret-editor-rolebinding
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  kind: Role
-  {{- else }}
-  kind: ClusterRole
-  {{- end }}
-  name: '{{ include "secrets-operator.fullname" . }}-infisicaldynamicsecret-editor-role'

helm-charts/secrets-operator/templates/infisicaldynamicsecret-viewer-rbac.yaml

@@ -1,51 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicaldynamicsecret-viewer-role
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-rules:
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicaldynamicsecrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicaldynamicsecrets/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: RoleBinding
-{{- else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicaldynamicsecret-viewer-rolebinding
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  kind: Role
-  {{- else }}
-  kind: ClusterRole
-  {{- end }}
-  name: '{{ include "secrets-operator.fullname" . }}-infisicaldynamicsecret-viewer-role'

helm-charts/secrets-operator/templates/infisicalpushsecretsecret-admin-rbac.yaml

@@ -1,49 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicalpushsecretsecret-admin-role
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-rules:
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicalpushsecretsecrets
-  verbs:
-  - '*'
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicalpushsecretsecrets/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: RoleBinding
-{{- else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicalpushsecretsecret-admin-rolebinding
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  kind: Role
-  {{- else }}
-  kind: ClusterRole
-  {{- end }}
-  name: '{{ include "secrets-operator.fullname" . }}-infisicalpushsecretsecret-admin-role'

helm-charts/secrets-operator/templates/infisicalpushsecretsecret-editor-rbac.yaml

@@ -1,55 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicalpushsecretsecret-editor-role
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-rules:
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicalpushsecretsecrets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicalpushsecretsecrets/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: RoleBinding
-{{- else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicalpushsecretsecret-editor-rolebinding
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  kind: Role
-  {{- else }}
-  kind: ClusterRole
-  {{- end }}
-  name: '{{ include "secrets-operator.fullname" . }}-infisicalpushsecretsecret-editor-role'

helm-charts/secrets-operator/templates/infisicalpushsecretsecret-viewer-rbac.yaml

@@ -1,51 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicalpushsecretsecret-viewer-role
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-rules:
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicalpushsecretsecrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicalpushsecretsecrets/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: RoleBinding
-{{- else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicalpushsecretsecret-viewer-rolebinding
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  kind: Role
-  {{- else }}
-  kind: ClusterRole
-  {{- end }}
-  name: '{{ include "secrets-operator.fullname" . }}-infisicalpushsecretsecret-viewer-role'

helm-charts/secrets-operator/templates/infisicalsecret-admin-rbac.yaml

@@ -1,49 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicalsecret-admin-role
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-rules:
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicalsecrets
-  verbs:
-  - '*'
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicalsecrets/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: RoleBinding
-{{- else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicalsecret-admin-rolebinding
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  kind: Role
-  {{- else }}
-  kind: ClusterRole
-  {{- end }}
-  name: '{{ include "secrets-operator.fullname" . }}-infisicalsecret-admin-role'

helm-charts/secrets-operator/templates/infisicalsecret-editor-rbac.yaml

@@ -1,55 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicalsecret-editor-role
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-rules:
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicalsecrets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicalsecrets/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: RoleBinding
-{{- else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicalsecret-editor-rolebinding
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  kind: Role
-  {{- else }}
-  kind: ClusterRole
-  {{- end }}
-  name: '{{ include "secrets-operator.fullname" . }}-infisicalsecret-editor-role'

helm-charts/secrets-operator/templates/infisicalsecret-viewer-rbac.yaml

@@ -1,51 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: Role
-{{- else }}
-kind: ClusterRole
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicalsecret-viewer-role
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-rules:
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicalsecrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - secrets.infisical.com
-  resources:
-  - infisicalsecrets/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-{{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-kind: RoleBinding
-{{- else }}
-kind: ClusterRoleBinding
-{{- end }}
-metadata:
-  name: {{ include "secrets-operator.fullname" . }}-infisicalsecret-viewer-rolebinding
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  namespace: {{ .Values.scopedNamespace | quote }}
-  {{- end }}
-  labels:
-
-  {{- include "secrets-operator.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  {{- if and .Values.scopedNamespace .Values.scopedRBAC }}
-  kind: Role
-  {{- else }}
-  kind: ClusterRole
-  {{- end }}
-  name: '{{ include "secrets-operator.fullname" . }}-infisicalsecret-viewer-role'

helm-charts/secrets-operator/values.yaml

@@ -12,7 +12,7 @@ controllerManager:
       readOnlyRootFilesystem: true
     image:
       repository: infisical/kubernetes-operator
-      tag: v0.10.2
+      tag: v0.10.3
     resources:
       limits:
         cpu: 500m

k8-operator/PROJECT

@@ -24,7 +24,7 @@ resources:
   controller: true
   domain: infisical.com
   group: secrets
-  kind: InfisicalPushSecretSecret
+  kind: InfisicalPushSecret
   path: github.com/Infisical/infisical/k8-operator/api/v1alpha1
   version: v1alpha1
 - api:

k8-operator/api/v1alpha1/infisicalpushsecret_types.go

@@ -16,7 +16,7 @@ type InfisicalPushSecretDestination struct {
 	ProjectID string `json:"projectId"`
 }
 
-type InfisicalPushSecretSecretSource struct {
+type InfisicalPushSecretSource struct {
 	// The name of the Kubernetes Secret
 	// +kubebuilder:validation:Required
 	SecretName string `json:"secretName"`
@@ -48,7 +48,7 @@ type SecretPushGenerator struct {
 
 type SecretPush struct {
 	// +kubebuilder:validation:Optional
-	Secret *InfisicalPushSecretSecretSource `json:"secret,omitempty"`
+	Secret *InfisicalPushSecretSource `json:"secret,omitempty"`
 	// +kubebuilder:validation:Optional
 	Generators []SecretPushGenerator `json:"generators,omitempty"`
 }

k8-operator/config/rbac/kustomization.yaml

@@ -22,13 +22,13 @@ resources:
 # default, aiding admins in cluster management. Those roles are
 # not used by the k8-operator itself. You can comment the following lines
 # if you do not want those helpers be installed with your Project.
-- infisicaldynamicsecret_admin_role.yaml
+# - infisicaldynamicsecret_admin_role.yaml
-- infisicaldynamicsecret_editor_role.yaml
+# - infisicaldynamicsecret_editor_role.yaml
-- infisicaldynamicsecret_viewer_role.yaml
+# - infisicaldynamicsecret_viewer_role.yaml
-- infisicalpushsecretsecret_admin_role.yaml
+# - infisicalpushsecret_admin_role.yaml
-- infisicalpushsecretsecret_editor_role.yaml
+# - infisicalpushsecret_editor_role.yaml
-- infisicalpushsecretsecret_viewer_role.yaml
+# - infisicalpushsecret_viewer_role.yaml
-- infisicalsecret_admin_role.yaml
+# - infisicalsecret_admin_role.yaml
-- infisicalsecret_editor_role.yaml
+# - infisicalsecret_editor_role.yaml
-- infisicalsecret_viewer_role.yaml
+# - infisicalsecret_viewer_role.yaml
 

k8-operator/internal/controller/infisicalpushsecret_controller.go

@@ -42,7 +42,7 @@ import (
 	"github.com/go-logr/logr"
 )
 
-// InfisicalPushSecretReconciler reconciles a InfisicalPushSecretSecret object
+// InfisicalPushSecretReconciler reconciles a InfisicalPushSecret object
 type InfisicalPushSecretReconciler struct {
 	client.Client
 	BaseLogger        logr.Logger

k8-operator/internal/controller/infisicalpushsecret_controller_test.go

@@ -30,7 +30,7 @@ import (
 	secretsv1alpha1 "github.com/Infisical/infisical/k8-operator/api/v1alpha1"
 )
 
-var _ = Describe("InfisicalPushSecretSecret Controller", func() {
+var _ = Describe("InfisicalPushSecret Controller", func() {
 	Context("When reconciling a resource", func() {
 		const resourceName = "test-resource"
 
@@ -40,11 +40,11 @@ var _ = Describe("InfisicalPushSecretSecret Controller", func() {
 			Name:      resourceName,
 			Namespace: "default", // TODO(user):Modify as needed
 		}
-		infisicalpushsecretsecret := &secretsv1alpha1.InfisicalPushSecret{}
+		infisicalpushsecret := &secretsv1alpha1.InfisicalPushSecret{}
 
 		BeforeEach(func() {
-			By("creating the custom resource for the Kind InfisicalPushSecretSecret")
+			By("creating the custom resource for the Kind InfisicalPushSecret")
-			err := k8sClient.Get(ctx, typeNamespacedName, infisicalpushsecretsecret)
+			err := k8sClient.Get(ctx, typeNamespacedName, infisicalpushsecret)
 			if err != nil && errors.IsNotFound(err) {
 				resource := &secretsv1alpha1.InfisicalPushSecret{
 					ObjectMeta: metav1.ObjectMeta{
@@ -63,7 +63,7 @@ var _ = Describe("InfisicalPushSecretSecret Controller", func() {
 			err := k8sClient.Get(ctx, typeNamespacedName, resource)
 			Expect(err).NotTo(HaveOccurred())
 
-			By("Cleanup the specific resource instance InfisicalPushSecretSecret")
+			By("Cleanup the specific resource instance InfisicalPushSecret")
 			Expect(k8sClient.Delete(ctx, resource)).To(Succeed())
 		})
 		It("should successfully reconcile the resource", func() {