Upgrade operator sdk + a few fixes

[plaffitt]

This PR contains work from various PR from our fork at Enix. Here is a changelog:

• Use lpass status to validate re-login and disable logout command 🛠️
• De-hardcode namespace in helm chart 🛠️
• Upgrade operator-sdk from 0.8.1 to 1.5.2 🎉
• Upgrade golang from <1.13 (before go modules are the default) to golang 1.17 🎉
• Upgrade crdVersion from v1alpha1 to v1 🎉
• Start building the operator binary inside the Dockerfile with multi-stage build instead of doing it outside before copying it 🎉
• Fix missing required namespace in ClusterRoleBinding 🛠️
• Add flag (and helm value) to define a template for secrets names 🎉

[niqdev]

out of curiosity, any performance issues for doing this i.e. skipping the logout?

[donch]

Hi, i didn't spot any performance issues, but in our use-case, we need to sync hundreds of secrets, with the logout activated, we get banned from Lastpass.
We didn't try to Log in at each secret synchronisation, but we'll probably get banned too from Lastpass.

[niqdev]

Fair enough!

[niqdev]

i would probably keep the implementation and comment lastpass.Logout() in here - No point in keeping the method around otherwise

[donch]

I think it will be ok 👍 Thanks

[niqdev]

I'll look into it 😉

[niqdev]

what is e9330328 for?

[plaffitt]

This part of the code was generated by Operator SDK, it's just a random ID to ensure it's unique I guess.

[niqdev]

were these tests auto-generated?

[plaffitt]

Yes, they were

[niqdev]

i haven't used it in a while, just wondering about potential regressions, do you have an example of how it was looking before cr.Name + "-" + secret.ID compared to now?

[niqdev]

I think I remembered why I did this, would there be any potential issues with secret conflicts? See example in the readme example-lastpass-8190226423897406876

[plaffitt]

The secretName variable comes from a go template. The default template used to generate the secret name is the following one {{.LastPass.ObjectMeta.Name}}-{{.LastPassSecret.ID}}, so it replicate the old behavior and should not introduce any breaking change. After this change I get by default names like the following lp-cred1-7726733720672245904.

[niqdev]

Thanks for clarifying this!

[niqdev]

what is this exactly for?

[plaffitt]

This is the go template I talked about above. The default one is {{.LastPass.ObjectMeta.Name}}-{{.LastPassSecret.ID}} in order to avoid breaking changes. Setting the secretNameTemplate value in helm chart allows to override this value.

[niqdev]

@paullaffitte I'm really grateful for the help here! Amazing work, thanks!

A couple of things

• would there be any issue if I upgrade the chart to helm 3? are you actually pointing to the chart currently in the repo?
• I'll definitely update the release process to use GH actions
• do you mind if I ping you directly or involve in reviewing PRs in the future?
• Please consider creating a separate PR adding yourself or Enix as contributors in the README!

Thanks again for contributing to the project! I'll wait for your feedback in the comments and then I'll merge the PR

[plaffitt]

You're welcome, it's always a pleasure to help open-source projects 🙂

We tried our best to answer your above questions.

And to answer your last message:

• We already use helm 3 so it's totally fine to upgrade the chart.
• Nice!
• Sure, If I can be of any help.
• We will do it, thanks 🙂

[niqdev]

Hi, I haven't installed go and operator-sdk in a while, I'm updating the doc and I was trying to build your repo/branch first and I realized that there were some simple issues to fix in the makefile e.g. replace go get with go install, which led me to look into the dependency versions...

Was there any concern in bumping to the latest operator-sdk version, i.e. 1.21.0 cos of too many breaking changes, or it just happened that you did this a while back and the version went forward? Don't get me wrong, I'm just trying to understand your changes 😅

The main reason for asking this is because I need to fix the CI and install the right version of the operator etc., that's all!

[plaffitt]

Hi, the makefile was generated by operator-sdk, what is the issue with go get ?

Concerning operator-sdk version, we upgraded it for some reasons, and we just had no reason to upgrade to the latest version, so to save time I stopped at the first version meeting our requirements. But I think it's completely fine to bump the version until the latest one. Our reasons were the following:

• We want to build everything from inside the docker image (instead of building locally and then copy the file into the image).
• We want to upgrade at least to the first "stable" version (1.0.0 or above) see below why.
• We want to use crds version v1 instead of v1beta1 (since operator-sdk 1.0.0).
• v1.5.0 is the first version where PROJECT config version 3-alpha is deprecated in favor of version 3. Some files in version 3-alpha seem to not exist anymore so it seems to be impossible to install and use operator-sdk between 1.0.0 and 1.5.0.
• We want to use go modules by default (since golang 1.13) and use it's latest available version if possible (1.17).

Why we wanted to upgrade to at least v1.0.0

One of our goals where to be able to upgrade easily the operator in the future.

When upgrading your version of Operator-sdk, it is intended that post-1.0.0 minor versions (i.e. 1.y) are backwards compatible and strictly additive. Therefore, you only need to re-scaffold your operator with a newer version of Operator-SDK if you wish to take advantage of new features. If you do not wish to use new features, all that should be required is bumping the operator image dependency (if a Helm or Ansible operator) and rebuilding your operator image.
https://sdk.operatorframework.io/docs/upgrading-sdk-version/

Now that all of this is done, the remaining upgrades should be easier and faster than the previous ones.

[niqdev]

Thanks for all the details, that was very helpful! I'll let you know when I release the image with your changes 🚀