Merge pull request #11 from kiwicom/improvements

Improvements

controllers/helpers_test.go

@@ -159,5 +159,8 @@ var (
 				"valid":             "key",
 			},
 		},
+		{
+			path: "secret/seeds/empty",
+		},
 	}
 )

controllers/suite_test.go

@@ -218,7 +218,9 @@ var _ = Describe("Cases", func() {
 
 			var vs k8skiwicomv1.VaultSecret
 			err = yaml.NewDecoder(fVS).Decode(&vs)
-			vs.Name = caseDir
+			if vs.Name == "" {
+				vs.Name = caseDir
+			}
 			vs.Spec.TargetSecretName = caseDir
 			vs.Spec.Auth.Token = "testtoken"
 			vs.Namespace = namespace

pkg/vault/k8s_secret.go

@@ -2,6 +2,8 @@ package vault
 
 import (
 	"context"
+	//nolint:gosec
+	"crypto/sha1"
 	"fmt"
 	"strings"
 	"unicode"
@@ -96,8 +98,16 @@ func NewSecret(ctx context.Context, vaultSecret *v1.VaultSecret, data Data) (*co
 		return nil, err
 	}
 
+	owner := vaultSecret.Name
+	if len(owner) > 63 {
+		//nolint:gosec
+		s := sha1.New()
+		s.Write([]byte(owner))
+		owner = fmt.Sprintf("%x", s.Sum(nil))
+	}
+
 	labels := map[string]string{
-		"owner":      vaultSecret.Name,
+		"owner":      owner,
 		"managed-by": ManagedByLabel,
 	}
 

pkg/vault/path_reader.go

@@ -16,7 +16,8 @@ type PathReader struct {
 }
 
 var (
-	ErrNotFound = errors.New("path doesn't exist or is empty")
+	ErrNotFound = errors.New("path doesn't exist")
+	ErrEmpty    = errors.New("path is empty")
 )
 
 func (r *PathReader) Read(path string) (map[string]any, error) {
@@ -41,14 +42,14 @@ func (r *PathReader) Read(path string) (map[string]any, error) {
 	}
 
 	if secret == nil {
-		return nil, fmt.Errorf("%w: %s", ErrNotFound, path)
+		return nil, fmt.Errorf("%w: %s", ErrEmpty, path)
 	}
 
 	if version == 2 {
 		if data, ok := secret.Data["data"]; ok && data != nil {
 			return data.(map[string]any), nil
 		} else {
-			return nil, fmt.Errorf("%w: %s", ErrNotFound, path)
+			return nil, fmt.Errorf("%w: %s", ErrEmpty, path)
 		}
 	}
 

pkg/vault/vault.go

@@ -173,6 +173,9 @@ func (r *Reader) readSecretsFromPaths() error {
 					// make a log entry and skip the broken path
 					r.log.Error(err, absolutePath)
 					continue
+				} else if errors.Is(err, ErrEmpty) {
+					// ignore empty paths
+					continue
 				}
 				return err
 			}

pkg/vault/vault_copied.go

@@ -123,14 +123,14 @@ func kvReadRequest(client *api.Client, path string, params map[string]string) (*
 		switch parseErr {
 		case nil:
 		case io.EOF:
-			return nil, nil
+			return nil, ErrNotFound
 		default:
 			return nil, err
 		}
 		if secret != nil && (len(secret.Warnings) > 0 || len(secret.Data) > 0) {
 			return secret, nil
 		}
-		return nil, nil
+		return nil, ErrNotFound
 	}
 	if err != nil {
 		return nil, err

tests/cases/case15/expected.env

@@ -0,0 +1 @@
+a=2

tests/cases/case15/expected.json

@@ -0,0 +1,3 @@
+{
+  "a": "2"
+}

tests/cases/case15/vault_secret.yaml

@@ -0,0 +1,6 @@
+metadata:
+  name: very-long-name-very-long-name-very-long-name-very-long-name-very-long-name-very-long-name
+spec:
+  separator: "_"
+  paths:
+    - path: secret/seeds/team1/project1/config

tests/cases/case16/expected.error

@@ -0,0 +1 @@
+path doesn't exist

tests/cases/case16/expected.json

@@ -0,0 +1,3 @@
+{
+
+}

tests/cases/case16/vault_secret.yaml

@@ -0,0 +1,5 @@
+spec:
+  separator: "_"
+  paths:
+    - path: secret/seeds/empty
+    - path: secret/seeds/non-existing