Labels for Secrets

[mbathe19]

Hi,

I was wondering if there is a way to add labels to the secret? Some applications need them f.e. argocd.

Example:

spec:
  content:
    - element:
        secretName: 'username' # for example password
        secretRef: 'username'
        secretScope: 'login' # for custom entries on bitwarden use 'fields'
  name: 'name'
  namespace: 'namespace'
  labels:
    label: 'xyz'

Is it possible or is there another way?

Regards

[Lerentis]

Hi @mbathe19 ,
yeah sure. this will require a update of the CRD but should not be a stopper. i started with the implementation but need more time to properly test everything. happy new year btw and thanks for the idea

[Lerentis]

Hi @mbathe19 ,
feature added and released with https://github.com/Lerentis/bitwarden-crd-operator/releases/tag/bitwarden-crd-operator-v0.11.0

[mbathe19]

Hi Lerentis,

also happy new year!
Unfortunately the new release doesn't work for me:
{"message": "b'(node:52) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.\\n(Use `node --trace-deprecation ...` to show where the warning was created)\\n'", "timestamp": "2024-01-07T02:20:59.000601+00:00", "severity": "warn"}{"message": "b'(node:63) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.\\n(Use `node --trace-deprecation ...` to show where the warning was created)\\n'", "timestamp": "2024-01-07T02:21:04.978691+00:00", "severity": "warn"}{"message": "Activity 'load_schedules' failed with an exception. Will retry.", "exc_info": "Traceback (most recent call last):\n File \"/usr/lib/python3.11/site-packages/kopf/_core/actions/execution.py\", line 276, in execute_handler_once\n result = await invoke_handler(\n ^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/lib/python3.11/site-packages/kopf/_core/actions/execution.py\", line 371, in invoke_handler\n result = await invocation.invoke(\n ^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/lib/python3.11/site-packages/kopf/_core/actions/invocation.py\", line 139, in invoke\n await asyncio.shield(future) # slightly expensive: creates tasks\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/lib/python3.11/concurrent/futures/thread.py\", line 58, in run\n result = self.fn(*self.args, **self.kwargs)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/home/bw-operator/bitwardenCrdOperator.py\", line 39, in load_schedules\n bitwarden_signin(logger)\n File \"/home/bw-operator/bitwardenCrdOperator.py\", line 21, in bitwarden_signin\n unlock_bw(logger)\n File \"/home/bw-operator/utils/utils.py\", line 48, in unlock_bw\n status = status_output['data']['template']['status']\n ~~~~~~~~~~~~~^^^^^^^^\nTypeError: 'NoneType' object is not subscriptable", "timestamp": "2024-01-07T02:21:04.982408+00:00", "severity": "error"}

[Lerentis]

In the unlock function? Oo
I did not event touch this part of the code. Can you enable debug mode (setting a env with the name DEBUG to true) and share redacted logs?
Also can you maybe try to build an image with 9f4264d reverted?
As there is no output from the bitwarden cli directly I expect it to crash

[mbathe19]

Hi,

I enabled the debug log but unfortunately the same output.

{"message": "b'Could not find dir, \"/home/bw-operator/.config/Bitwarden CLI\"; creating it instead.\\nCould not find data file, \"/home/bw-operator/.config/Bitwarden CLI/data.json\"; creating it instead.\\n(node:10) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.\\n(Use `node --trace-deprecation ...` to show where the warning was created)\\n'", "timestamp": "2024-01-07T11:20:04.909596+00:00", "severity": "warn"}{"message": "b'(node:21) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.\\n(Use `node --trace-deprecation ...` to show where the warning was created)\\n'", "timestamp": "2024-01-07T11:20:11.881617+00:00", "severity": "warn"}{"message": "b'(node:32) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.\\n(Use `node --trace-deprecation ...` to show where the warning was created)\\n'", "timestamp": "2024-01-07T11:20:17.374625+00:00", "severity": "warn"}{"message": "Activity 'load_schedules' failed with an exception. Will retry.", "exc_info": "Traceback (most recent call last):\n  File \"/usr/lib/python3.11/site-packages/kopf/_core/actions/execution.py\", line 276, in execute_handler_once\n    result = await invoke_handler(\n

Changing the image back to 0.9.1 brings the operator back to life. But the labels arn't passtrough also.
I will habe a look to build the image and test it again.

[Lerentis]

Hi @mbathe19 ,
i can confirm this on my k8s cluster as well. we recently migrated to arm there.
the bad part is that arm support for the bitwarden cli is subpar at best. the current version can not even be build with npm on arm. the good part is that there is a PR open that should improve the situation in the future: bitwarden/clients#7338

i further tracked the problem to be the nodejs version that is installed. downgrading to the LTS version fixes the issue. see PR #63