Merge branch 'daniel/k8-operator-go-sdk' of https://github.com/Infisical/infisical into daniel/k8-operator-go-sdk

2026-05-02 03:02:03 -04:00 · 2024-06-14 00:24:06 +02:00
parent 3947e3dabf fe6e5e09ac
commit 7edcf5ff90
3 changed files with 15 additions and 16 deletions
--- a/k8-operator/config/samples/k8s-auth/sample.yaml
+++ b/k8-operator/config/samples/k8s-auth/sample.yaml
@@ -12,8 +12,10 @@ spec:
    authentication:
        # Native Kubernetes Auth
        kubernetesAuth:
-            identityId: 8c0c9823-7249-4043-b292-a861fb9b1b50
-            # serviceAccountTokenPath: "/var/run/secrets/kubernetes.io/serviceaccount/token" # Optional, defaults to /var/run/secrets/kubernetes.io/serviceaccount/token
+            identityId: <>
+            serviceAccountRef:
+              name: infisical-auth
+              namespace: default

            # secretsScope is identical to the secrets scope in the universalAuth field in this sample.
            secretsScope:
@@ -24,7 +26,7 @@ spec:


    managedSecretReference:
-        secretName: managed-secret
+        secretName: managed-secret-k8s
        secretNamespace: default
        creationPolicy: "Orphan" ## Owner | Orphan
        # secretType: kubernetes.io/dockerconfigjson
--- a/k8-operator/controllers/infisicalsecret_controller.go
+++ b/k8-operator/controllers/infisicalsecret_controller.go
@@ -9,7 +9,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+	controllerUtil "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"

 	secretsv1alpha1 "github.com/Infisical/infisical/k8-operator/api/v1alpha1"
 	"github.com/Infisical/infisical/k8-operator/packages/api"
@@ -45,8 +45,8 @@ var resourceVariablesMap = make(map[string]ResourceVariables)
 const FINALIZER_NAME = "secrets.finalizers.infisical.com"

 func (r *InfisicalSecretReconciler) addFinalizer(ctx context.Context, infisicalSecret *secretsv1alpha1.InfisicalSecret) error {
-	if !controllerutil.ContainsFinalizer(infisicalSecret, FINALIZER_NAME) {
-		controllerutil.AddFinalizer(infisicalSecret, FINALIZER_NAME)
+	if !controllerUtil.ContainsFinalizer(infisicalSecret, FINALIZER_NAME) {
+		controllerUtil.AddFinalizer(infisicalSecret, FINALIZER_NAME)
 		if err := r.Update(ctx, infisicalSecret); err != nil {
 			return err
 		}
@@ -55,12 +55,12 @@ func (r *InfisicalSecretReconciler) addFinalizer(ctx context.Context, infisicalS
 }

 func (r *InfisicalSecretReconciler) handleFinalizer(ctx context.Context, infisicalSecret *secretsv1alpha1.InfisicalSecret) error {
-	if controllerutil.ContainsFinalizer(infisicalSecret, FINALIZER_NAME) {
+	if controllerUtil.ContainsFinalizer(infisicalSecret, FINALIZER_NAME) {
 		// Cleanup deployment variables
 		delete(resourceVariablesMap, string(infisicalSecret.UID))

 		// Remove the finalizer and update the resource
-		controllerutil.RemoveFinalizer(infisicalSecret, FINALIZER_NAME)
+		controllerUtil.RemoveFinalizer(infisicalSecret, FINALIZER_NAME)
 		if err := r.Update(ctx, infisicalSecret); err != nil {
 			return err
 		}
@@ -75,12 +75,12 @@ func (r *InfisicalSecretReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 	err := r.Get(ctx, req.NamespacedName, &infisicalSecretCR)
 	if err != nil {
 		if errors.IsNotFound(err) {
-			fmt.Printf("Infisical Secret CRD not found [err=%v]", err)
+			fmt.Printf("\nInfisical Secret CRD not found [err=%v]", err)
 			return ctrl.Result{
 				Requeue: false,
 			}, nil
 		} else {
-			fmt.Printf("Unable to fetch Infisical Secret CRD from cluster because [err=%v]", err)
+			fmt.Printf("\nUnable to fetch Infisical Secret CRD from cluster because [err=%v]", err)
 			return ctrl.Result{
 				RequeueAfter: requeueTime,
 			}, nil
--- a/k8-operator/controllers/infisicalsecret_helper.go
+++ b/k8-operator/controllers/infisicalsecret_helper.go
@@ -381,20 +381,17 @@ func (r *InfisicalSecretReconciler) ReconcileInfisicalSecret(ctx context.Context
 			return fmt.Errorf("\nfailed to get secrets because [err=%v]", err)
 		}

-		fmt.Println("ReconcileInfisicalSecret: Fetched secrets via service token")
+		fmt.Println("ReconcileInfisicalSecret: Fetched secrets via [type=SERVICE_TOKEN]")
 	} else if authDetails.isMachineIdentityAuth { // * Machine Identity authentication, the SDK will be authenticated at this point
-
-		fmt.Println("ReconcileInfisicalSecret: Fetching secrets via machine identity")
-
 		plainTextSecretsFromApi, updateDetails, err = util.GetPlainTextSecretsViaMachineIdentity(infisicalClient, secretVersionBasedOnETag, authDetails.machineIdentityScope)

 		if err != nil {
 			return fmt.Errorf("\nfailed to get secrets because [err=%v]", err)
 		}
-		fmt.Println("ReconcileInfisicalSecret: Fetched secrets via universal auth")
+		fmt.Printf("ReconcileInfisicalSecret: Fetched secrets via machine identity [type=%v]\n", authDetails.authStrategy)

 	} else {
-		return fmt.Errorf("no authentication method provided. You must provide either a valid service token or a service account details to fetch secrets")
+		return errors.New("no authentication method provided yet. Please configure a authentication method then try again")
 	}

 	if !updateDetails.Modified {