minor changes to vault and k8slv related to versioning and k8s type f…

…ield

.goreleaser.yaml

@@ -183,7 +183,7 @@ checksum:
   name_template: "{{ .ProjectName }}_checksums.txt"
 
 snapshot:
-  name_template: "{{ incpatch .Version }}-dev"
+  version_template: "{{ incpatch .Version }}-dev"
 
 changelog:
   sort: asc

go.mod

@@ -80,7 +80,7 @@ require (
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect
+	github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect

go.sum

@@ -132,8 +132,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA=
-github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25 h1:sEDPKUw6iPjczdu33njxFjO6tYa9bfc0z/QyB/zSsBw=
+github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
 github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=

internal/core/vaults/k8s.go

@@ -2,17 +2,38 @@ package vaults
 
 import (
 	"encoding/json"
+	"reflect"
 
 	"gopkg.in/yaml.v3"
 	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 type k8slv struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-	Type              corev1.SecretType `json:"type,omitempty"`
-	Spec              *Vault            `json:"spec" yaml:"spec"`
+	Kind       string                 `json:"kind,omitempty" yaml:"kind,omitempty"`
+	APIVersion string                 `json:"apiVersion,omitempty" yaml:"apiVersion,omitempty"`
+	Metadata   map[string]interface{} `json:"metadata,omitempty" yaml:"metadata,omitempty"`
+	Type       corev1.SecretType      `json:"type,omitempty" yaml:"type,omitempty"`
+	Spec       *Vault                 `json:"spec" yaml:"spec"`
+}
+
+func structToMap(obj interface{}, toMap map[string]interface{}) {
+	val := reflect.ValueOf(obj)
+	typ := reflect.TypeOf(obj)
+
+	if val.Kind() == reflect.Ptr {
+		val = val.Elem()
+		typ = typ.Elem()
+	}
+
+	if toMap == nil {
+		toMap = make(map[string]interface{})
+	}
+
+	for i := 0; i < val.NumField(); i++ {
+		field := typ.Field(i)
+		value := val.Field(i)
+		toMap[field.Name] = value.Interface()
+	}
 }
 
 func (vlt *Vault) ToK8s(name, namespace string, k8SecretContent []byte) (err error) {
@@ -21,11 +42,10 @@ func (vlt *Vault) ToK8s(name, namespace string, k8SecretContent []byte) (err err
 	}
 	if vlt.k8s == nil {
 		vlt.k8s = &k8slv{
-			TypeMeta: metav1.TypeMeta{
-				APIVersion: k8sApiVersion,
-				Kind:       k8sKind,
-			},
-			Spec: vlt,
+			APIVersion: k8sApiVersion,
+			Kind:       k8sKind,
+			Metadata:   make(map[string]interface{}),
+			Spec:       vlt,
 		}
 	}
 	if k8SecretContent != nil {
@@ -42,12 +62,12 @@ func (vlt *Vault) ToK8s(name, namespace string, k8SecretContent []byte) (err err
 			return err
 		}
 		if k8secret.Name != "" {
-			vlt.k8s.Name = k8secret.Name
+			vlt.k8s.Metadata["name"] = k8secret.Name
 		}
-		if vlt.k8s.Name == "" {
+		if vlt.k8s.Metadata["name"] == "" {
 			return errK8sNameRequired
 		}
-		vlt.k8s.ObjectMeta = k8secret.ObjectMeta
+		structToMap(k8secret.ObjectMeta, vlt.k8s.Metadata)
 		secretDataMap := make(map[string][]byte)
 		if k8secret.Data != nil {
 			for key, value := range k8secret.Data {
@@ -69,10 +89,10 @@ func (vlt *Vault) ToK8s(name, namespace string, k8SecretContent []byte) (err err
 		}
 	}
 	if name != "" {
-		vlt.k8s.Name = name
+		vlt.k8s.Metadata["name"] = name
 	}
 	if namespace != "" {
-		vlt.k8s.Namespace = namespace
+		vlt.k8s.Metadata["namespace"] = namespace
 	}
 	return vlt.commit()
 }
@@ -93,6 +113,7 @@ func (v *Vault) DeepCopyInto(out *Vault) {
 		out.Secrets[key] = val
 	}
 	out.Config = vaultConfig{
+		Version:     v.Config.Version,
 		Id:          v.Config.Id,
 		PublicKey:   v.Config.PublicKey,
 		Hash:        v.Config.Hash,

internal/core/vaults/vault.go

@@ -15,15 +15,15 @@ import (
 )
 
 type vaultConfig struct {
+	Version     string   `json:"version,omitempty" yaml:"version,omitempty"`
 	Id          string   `json:"id" yaml:"id"`
 	PublicKey   string   `json:"publicKey" yaml:"publicKey"`
 	Hash        bool     `json:"hash,omitempty" yaml:"hash,omitempty"`
 	WrappedKeys []string `json:"wrappedKeys" yaml:"wrappedKeys"`
 }
 
 type Vault struct {
-	Version             string            `json:"version,omitempty" yaml:"version,omitempty"`
-	Secrets             map[string]string `json:"slvSecrets" yaml:"slvSecrets"`
+	Secrets             map[string]string `json:"slvSecrets,omitempty" yaml:"slvSecrets,omitempty"`
 	Config              vaultConfig       `json:"slvConfig" yaml:"slvConfig"`
 	path                string            `json:"-"`
 	publicKey           *crypto.PublicKey `json:"-"`
@@ -92,9 +92,9 @@ func New(filePath, k8sName, k8sNamespace string, k8SecretContent []byte, hash, q
 		return nil, err
 	}
 	vlt = &Vault{
-		Version:   config.Version,
 		publicKey: vaultPublicKey,
 		Config: vaultConfig{
+			Version:   semver.MajorMinor(config.Version),
 			Id:        vauldId,
 			PublicKey: vaultPubKeyStr,
 			Hash:      hash,
@@ -153,8 +153,9 @@ func getFromField(jsonData []byte, filePath string, k8s bool) (vlt *Vault, err e
 		}
 	}
 	vlt.path = filePath
-	vaultVersion := vlt.Version
-	if vaultVersion != "" && (!semver.IsValid(vaultVersion) || semver.Compare(config.Version, vaultVersion) < 0) {
+	if vlt.Config.Version != "" && config.Version != "" &&
+		(!semver.IsValid(vlt.Config.Version) || !semver.IsValid(config.Version) ||
+			semver.Compare(semver.MajorMinor(config.Version), semver.MajorMinor(vlt.Config.Version)) < 0) {
 		return nil, errVaultVersionNotRecognized
 	}
 	return vlt, nil
@@ -180,13 +181,7 @@ func (vlt *Vault) commit() error {
 	}
 	var data interface{}
 	if vlt.k8s != nil {
-		jsonData, err := json.Marshal(vlt.k8s)
-		if err != nil {
-			return err
-		}
-		if err = json.Unmarshal(jsonData, &data); err != nil {
-			return err
-		}
+		data = vlt.k8s
 	} else {
 		data = vlt
 	}

internal/k8s/api/v1/slv_types.go

@@ -17,7 +17,6 @@ limitations under the License.
 package v1
 
 import (
-	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"oss.amagi.com/slv/internal/core/vaults"
 )
@@ -43,9 +42,9 @@ type SLV struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Type   corev1.SecretType `json:"type,omitempty"`
-	Spec   SLVSpec           `json:"spec"`
-	Status SLVStatus         `json:"status,omitempty"`
+	Type   string    `json:"type,omitempty"`
+	Spec   SLVSpec   `json:"spec"`
+	Status SLVStatus `json:"status,omitempty"`
 }
 
 //+kubebuilder:object:root=true

internal/k8s/config/crd/bases/slv.oss.amagi.com_slvs.yaml

@@ -41,12 +41,14 @@ spec:
             properties:
               slvConfig:
                 properties:
-                  hashLength:
-                    type: integer
+                  hash:
+                    type: boolean
                   id:
                     type: string
                   publicKey:
                     type: string
+                  version:
+                    type: string
                   wrappedKeys:
                     items:
                       type: string
@@ -60,11 +62,8 @@ spec:
                 additionalProperties:
                   type: string
                 type: object
-              version:
-                type: string
             required:
             - slvConfig
-            - slvSecrets
             type: object
           status:
             description: SLVStatus defines the observed state of SLV

internal/k8s/internal/controller/slv_controller.go

@@ -147,7 +147,7 @@ func (r *SLVReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R
 						},
 					},
 				},
-				Type: slvObj.Type,
+				Type: corev1.SecretType(slvObj.Type),
 				Data: slvSecretMap,
 			}
 			if secret.Annotations == nil {
@@ -189,8 +189,8 @@ func (r *SLVReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R
 			secret.Annotations[slvVersionAnnotationKey] = config.Version
 			updateRequired = true
 		}
-		if secret.Type != slvObj.Type {
-			secret.Type = slvObj.Type
+		if string(secret.Type) != slvObj.Type {
+			secret.Type = corev1.SecretType(slvObj.Type)
 			updateRequired = true
 		}
 		var msg string

internal/k8s/job/reconciler.go

@@ -78,7 +78,7 @@ func toSecret(clientset *kubernetes.Clientset, secretKey *crypto.SecretKey, slvO
 					Namespace:   slvObj.Namespace,
 					Annotations: slvObj.Annotations,
 				},
-				Type: slvObj.Type,
+				Type: corev1.SecretType(slvObj.Type),
 				Data: slvSecretMap,
 			}
 			if secret.Annotations == nil {
@@ -114,8 +114,8 @@ func toSecret(clientset *kubernetes.Clientset, secretKey *crypto.SecretKey, slvO
 			secret.Annotations[slvVersionAnnotationKey] = config.Version
 			updateRequired = true
 		}
-		if secret.Type != slvObj.Type {
-			secret.Type = slvObj.Type
+		if string(secret.Type) != slvObj.Type {
+			secret.Type = corev1.SecretType(slvObj.Type)
 			updateRequired = true
 		}
 		var msg string