A Kubernetes operator that bridges Hardware Security Module (HSM) data storage with Kubernetes Secrets, providing true secret portability th

attempt to fix mirroring

+10 -22
+2 -2
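--- a/helm/hsm-secrets-operator/Chart.yaml
+++ b/helm/hsm-secrets-operator/Chart.yaml
@@ -2,8 +2,8 @@
 name: hsm-secrets-operator
 description: A Kubernetes operator that bridges Pico HSM binary data storage with Kubernetes Secrets
 type: application
-version: 0.5.20
-appVersion: v0.5.20
+version: 0.5.21
+appVersion: v0.5.21
 icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubernetes/icon/color/kubernetes-icon-color.svg
 home: https://github.com/evanjarrett/hsm-secrets-operator
 sources: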
+8 -20
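--- a/internal/mirror/manager.go
+++ b/internal/mirror/manager.go
@@ -611,7 +611,7 @@
 	return nil
 }
 
-// getAvailableDevices gets list of available physical HSM devices from HSMPools in the operator namespace
+// getAvailableDevices gets list of available physical HSM device instances from HSMPools in the operator namespace
 func (mm *MirrorManager) getAvailableDevices(ctx context.Context, operatorNamespace string) ([]string, error) {
 	var hsmPoolList hsmv1alpha1.HSMPoolList
 	// HSMPools are always in the operator namespace (where controller-manager runs)
@@ -619,31 +619,19 @@
 		return nil, fmt.Errorf("failed to list HSM pools in operator namespace %s: %w", operatorNamespace, err)
 	}
 
-	deviceNames := make(map[string]bool)
+	var devices = []string{}
 
 	for _, pool := range hsmPoolList.Items {
 		if pool.Status.Phase == hsmv1alpha1.HSMPoolPhaseReady && len(pool.Status.AggregatedDevices) > 0 {
-			// Use the actual HSMDevice names from the pool spec
-			// AgentManager will handle connecting to the appropriate agent instances
-			for _, deviceRef := range pool.Spec.HSMDeviceRefs {
-				// Only add if there are available devices in this pool
-				hasAvailableDevice := false
-				for _, aggregatedDevice := range pool.Status.AggregatedDevices {
-					if aggregatedDevice.Available {
-						hasAvailableDevice = true
-						break
-					}
-				}
-				if hasAvailableDevice {
-					deviceNames[deviceRef] = true
+			for _, aggregatedDevice := range pool.Status.AggregatedDevices {
+				if aggregatedDevice.Available {
+					deviceName := &pool.OwnerReferences[0].Name
+					// Create device instance name: deviceRef-index (e.g., "pico-hsm-0", "pico-hsm-1")
+					deviceInstanceName := fmt.Sprintf("%s-%s", *deviceName, aggregatedDevice.SerialNumber)
+					devices = append(devices, deviceInstanceName)
 				}
 			}
 		}
-	}
-
-	devices := make([]string, 0, len(deviceNames))
-	for deviceName := range deviceNames {
-		devices = append(devices, deviceName)
 	}
 
 	sort.Strings(devices) // Ensure consistent ordering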
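Review bot: `pool.OwnerReferences[0].Name` on new line 628 indexes the owner list without a length check, so a Ready HSMPool with no owner reference would panic the mirror manager instead of being skipped; nothing visible in this hunk guarantees every pool has one. Guard it before the inner loop with `if len(pool.OwnerReferences) == 0 { continue }` and read the value directly as `deviceName := pool.OwnerReferences[0].Name`, since the `&`/`*` round trip adds nothing. The comment on new line 629 still describes the name as `deviceRef-index`, but the suffix is now `aggregatedDevice.SerialNumber`. With the de-duplicating map removed, an empty or repeated serial number would put duplicate entries in `devices`. getAvailableDevices continues past the end of this hunk.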