Add support for Yandex Lockbox: custom API endpoint

apis/externalsecrets/v1alpha1/secretstore_yandexlockbox_types.go

@@ -26,6 +26,9 @@ type YandexLockboxAuth struct {
 
 // YandexLockboxProvider Configures a store to sync secrets using the Yandex Lockbox provider.
 type YandexLockboxProvider struct {
+	// Yandex.Cloud API endpoint
+	Endpoint string `json:"endpoint,omitempty"`
+
 	// Auth defines the information necessary to authenticate against Yandex Lockbox
 	Auth YandexLockboxAuth `json:"auth"`
 }

deploy/crds/external-secrets.io_clustersecretstores.yaml

@@ -637,6 +637,9 @@ spec:
                             - name
                             type: object
                         type: object
+                      endpoint:
+                        description: Yandex.Cloud API endpoint
+                        type: string
                     required:
                     - auth
                     type: object

deploy/crds/external-secrets.io_secretstores.yaml

@@ -637,6 +637,9 @@ spec:
                             - name
                             type: object
                         type: object
+                      endpoint:
+                        description: Yandex.Cloud API endpoint
+                        type: string
                     required:
                     - auth
                     type: object

pkg/provider/yandex/lockbox/client/client.go

@@ -22,7 +22,7 @@ import (
 
 // Creates LockboxClient with the given authorized key.
 type LockboxClientCreator interface {
-	Create(ctx context.Context, authorizedKey *iamkey.Key) (LockboxClient, error)
+	Create(ctx context.Context, endpoint string, authorizedKey *iamkey.Key) (LockboxClient, error)
 }
 
 // Responsible for accessing Lockbox secrets.

pkg/provider/yandex/lockbox/client/fake/fake.go

@@ -30,7 +30,7 @@ type LockboxClientCreator struct {
 	Backend *LockboxBackend
 }
 
-func (lcc *LockboxClientCreator) Create(ctx context.Context, authorizedKey *iamkey.Key) (client.LockboxClient, error) {
+func (lcc *LockboxClientCreator) Create(ctx context.Context, endpoint string, authorizedKey *iamkey.Key) (client.LockboxClient, error) {
 	return &LockboxClient{lcc.Backend, authorizedKey}, nil
 }
 

pkg/provider/yandex/lockbox/client/grpc/grpc.go

@@ -27,7 +27,7 @@ import (
 type LockboxClientCreator struct {
 }
 
-func (lb *LockboxClientCreator) Create(ctx context.Context, authorizedKey *iamkey.Key) (client.LockboxClient, error) {
+func (lb *LockboxClientCreator) Create(ctx context.Context, endpoint string, authorizedKey *iamkey.Key) (client.LockboxClient, error) {
 	credentials, err := ycsdk.ServiceAccountKey(authorizedKey)
 	if err != nil {
 		return nil, err
@@ -35,6 +35,7 @@ func (lb *LockboxClientCreator) Create(ctx context.Context, authorizedKey *iamke
 
 	sdk, err := ycsdk.Build(ctx, ycsdk.Config{
 		Credentials: credentials,
+		Endpoint:    endpoint,
 	})
 	if err != nil {
 		return nil, err

pkg/provider/yandex/lockbox/lockbox.go

@@ -78,7 +78,7 @@ func (p *lockboxProvider) NewClient(ctx context.Context, store esv1alpha1.Generi
 		return nil, fmt.Errorf("unable to unmarshal authorized key: %w", err)
 	}
 
-	lb, err := p.lockboxClientCreator.Create(ctx, &authorizedKey)
+	lb, err := p.lockboxClientCreator.Create(ctx, storeSpecYandexLockbox.Endpoint, &authorizedKey)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create Yandex.Cloud SDK: %w", err)
 	}