feat: support public api go-dvls (#11)

Author: DannyBedard

Makefile

@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 0.1.0
+VERSION ?= 0.2.0
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")

api/v1alpha1/dvlssecret_types.go

@@ -29,6 +29,7 @@ type DvlsSecretSpec struct {
 	// Important: Run "make" to regenerate code after modifying this file
 
 	EntryID string `json:"entryId"` // entry id on dvls
+	VaultID string `json:"vaultId"` // vault id on dvls
 }
 
 // DvlsSecretStatus defines the observed state of DvlsSecret

controllers/dvlssecret_controller.go

@@ -92,7 +92,7 @@ func (r *DvlsSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		}
 	}
 
-	entry, err := DvlsClient.GetEntry(dvlsSecret.Spec.EntryID)
+	entry, err := DvlsClient.Entries.Credential.GetById(dvlsSecret.Spec.VaultID, dvlsSecret.Spec.EntryID)
 	if err != nil {
 		log.Error(err, "unable to fetch dvls entry", "entryId", dvlsSecret.Spec.EntryID)
 		meta.SetStatusCondition(&dvlsSecret.Status.Conditions, v1.Condition{Type: statusDegradedDvlsSecret, Status: v1.ConditionTrue, Reason: "Reconciling", Message: "Unable to fetch entry on DVLS instance"})
@@ -102,8 +102,8 @@ func (r *DvlsSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return ctrl.Result{}, nil
 	}
 
-	if entry.ConnectionType != dvls.ServerConnectionCredential || entry.ConnectionSubType != dvls.ServerConnectionSubTypeDefault {
-		log.Error(err, "entry type not supported, only username/password entries are supported", "entryId", dvlsSecret.Spec.EntryID, "entryType", entry.ConnectionType, "entrySubType", entry.ConnectionSubType)
+	if entry.Type != string(dvls.ServerConnectionCredential) || entry.SubType != string(dvls.ServerConnectionSubTypeDefault) {
+		log.Error(err, "entry type not supported, only username/password entries are supported", "entryId", dvlsSecret.Spec.EntryID, "entryType", entry.Type, "entrySubType", entry.SubType)
 		meta.SetStatusCondition(&dvlsSecret.Status.Conditions, v1.Condition{Type: statusDegradedDvlsSecret, Status: v1.ConditionTrue, Reason: "Reconciling", Message: "Entry type not supported, only username/password entries are supported"})
 		if err := r.Status().Update(ctx, dvlsSecret); err != nil {
 			log.Error(err, "Failed to update DvlsSecret status")
@@ -119,9 +119,9 @@ func (r *DvlsSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 	kSecretNotFound := apierrors.IsNotFound(err)
 
 	var entryTime, secretTime time.Time
-	if !dvlsSecret.Status.EntryModifiedDate.IsZero() && entry.ModifiedDate != nil {
+	if !dvlsSecret.Status.EntryModifiedDate.IsZero() && entry.ModifiedOn != nil {
 		secretTime = dvlsSecret.Status.EntryModifiedDate.Time
-		entryTime = entry.ModifiedDate.Time
+		entryTime = entry.ModifiedOn.Time
 	}
 
 	if entryTime.Equal(secretTime) && !kSecretNotFound {
@@ -130,21 +130,19 @@ func (r *DvlsSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		}, nil
 	}
 
-	secret, err := DvlsClient.GetEntryCredentialsPassword(entry)
-	if err != nil {
-		log.Error(err, "unable to fetch dvls secret", "entryId", dvlsSecret.Spec.EntryID)
-		meta.SetStatusCondition(&dvlsSecret.Status.Conditions, v1.Condition{Type: statusDegradedDvlsSecret, Status: v1.ConditionTrue, Reason: "Reconciling", Message: "Unable to fetch secret on DVLS instance"})
-		if err := r.Status().Update(ctx, dvlsSecret); err != nil {
-			log.Error(err, "Failed to update DvlsSecret status")
-		}
-		return ctrl.Result{}, nil
+	defaultData, ok := entry.GetCredentialDefaultData()
+	if !ok {
+		return ctrl.Result{}, fmt.Errorf(
+			"failed to extract credential data for entry ID %s: unsupported or unexpected entry type (type: %s, subtype: %s)",
+			dvlsSecret.Spec.EntryID, entry.Type, entry.SubType)
 	}
+
 	secretMap := make(map[string]string)
-	secretMap["entry-id"] = secret.ID
-	secretMap["entry-name"] = secret.EntryName
-	secretMap["username"] = secret.Credentials.Username
-	if secret.Credentials.Password != nil {
-		secretMap["password"] = *secret.Credentials.Password
+	secretMap["entry-id"] = entry.Id
+	secretMap["entry-name"] = entry.Name
+	secretMap["username"] = defaultData.Username
+	if defaultData.Password != "" {
+		secretMap["password"] = defaultData.Password
 	}
 
 	if kSecretNotFound {

go.mod

@@ -5,7 +5,7 @@ go 1.21
 toolchain go1.21.4
 
 require (
-	github.com/Devolutions/go-dvls v0.4.1
+	github.com/Devolutions/go-dvls v0.12.2
 	github.com/onsi/ginkgo/v2 v2.14.0
 	github.com/onsi/gomega v1.30.0
 	k8s.io/api v0.29.1

go.sum

@@ -1,5 +1,5 @@
-github.com/Devolutions/go-dvls v0.4.1 h1:2euUdRYFF54/VJRiGZ/toSXhwursngsJvkwbbp/Groc=
-github.com/Devolutions/go-dvls v0.4.1/go.mod h1:LWmMkJugG1/aUH5oXwHN13EvJC+YhvyKH/11pPecPtw=
+github.com/Devolutions/go-dvls v0.12.2 h1:7qptA5gw8JVtEJuTBmfDHOFfkGY6XMRobvg6InIEa+4=
+github.com/Devolutions/go-dvls v0.12.2/go.mod h1:4O3lb/RK1P1cDwU5auVi7CM4gRER7EuwyLwMVuEZjgg=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=

main.go

@@ -128,11 +128,6 @@ func main() {
 		os.Exit(1)
 	}
 
-	if dvlsClient.ClientUser.UserType != dvls.UserAuthenticationApplication {
-		setupLog.Error(nil, "provided credentials are not for an Application user type", "userType", dvlsClient.ClientUser.UserType)
-		os.Exit(1)
-	}
-
 	requeueDurationString := os.Getenv("DEVO_OPERATOR_REQUEUE_DURATION")
 	if requeueDurationString != "" {
 		requeueDuration, err := time.ParseDuration(requeueDurationString)