* chore: remove unused servicemonitor-values from helm-chart
The templates for the servicemonitors of the webhook-deployment and the
certController have been removed in
https://github.com/external-secrets/external-secrets/pull/2136. This
commit removes the corresponding values in the values.yaml which are now
obsolete.
Signed-off-by: alexanderwoehler <alexander@woehler.org>
* docs: remove references to deleted servicemonitor-values from docs
Signed-off-by: alexanderwoehler <alexander@woehler.org>
---------
Signed-off-by: alexanderwoehler <alexander@woehler.org>
* Set metadata to external secrets managed by cluster external secrets (#2413)
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
* Pull secret metadata from IBM Secrets Manager
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
* Add lower-kebab name transformer to Doppler provider (#2418)
Signed-off-by: Joel Watson <joel.watson@doppler.com>
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
* Fix E2E test setup on non-linux machines (#2414)
Signed-off-by: Michael Sauter <michael.sauter@boehringer-ingelheim.com>
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
* Removing IncludeSecretMetadata from externalsecret_types.go
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
* Changes to call IBM Secrets Manager once in case of KV Secret
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
* Removing extra parameters to getKVSecret() is not required
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
* Removing linting errors
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
---------
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
Signed-off-by: Joel Watson <joel.watson@doppler.com>
Signed-off-by: Michael Sauter <michael.sauter@boehringer-ingelheim.com>
Co-authored-by: Shuhei Kitagawa <shuheiktgw@users.noreply.github.com>
Co-authored-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
Co-authored-by: Joel Watson <joel@watsonian.net>
Co-authored-by: Michael Sauter <mail@michaelsauter.net>
* Add more context to error handling for parsing certs in order for
log format to display properly
Signed-off-by: Dusan Nikolic <dusannikolic11@gmail.com>
* Create error instead of string as arg
Signed-off-by: Dusan Nikolic <dusannikolic11@gmail.com>
* fix: unit test
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Dusan Nikolic <dusannikolic11@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Dusan Nikolic <dusannikolic@MacBook-Pro-66.local>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* Add support for cert-manager managed webhook certs
Signed-off-by: Eric Stokes <fernferret@gmail.com>
* Ran make helm.docs to update README.md
Signed-off-by: Eric Stokes <fernferret@gmail.com>
* Added unittests for chart
Signed-off-by: Eric Stokes <fernferret@gmail.com>
* tidy: Fixed trailing whitespace
Signed-off-by: Eric Stokes <fernferret@gmail.com>
---------
Signed-off-by: Eric Stokes <fernferret@gmail.com>
* Mount ~/.gitconfig when running make docs
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Use GIT_COMMITTER_NAME and GIT_COMMITTER_EMAIL
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Update hack/api-docs/requirements.txt
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
---------
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
* Add Conjur provider
Signed-off-by: David Hisel <David.Hisel@CyberArk.com>
* fix: lint
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: unit tests
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: David Hisel <David.Hisel@CyberArk.com>
Signed-off-by: David Hisel <132942678+davidh-cyberark@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Add an exit message when the certificate check triggers a fatal exit
(via cancel()). When cancel() is called, this cancels the main
context which causes the webhook to shutdown.
A return is also added to ensure the message "valid" comes out right
after "invalid" like so:
"certs are not valid at..."
"certs are valid"
Signed-off-by: Eric Stokes <fernferret@gmail.com>
* Fix the test Make task
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* fix: retry shutdown of testEnv
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: allow to set a common set of labels in the helm chart
Signed-off-by: Maxime Guillet <6997681+maximeguillet@users.noreply.github.com>
* fix: update helm snapshot
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Maxime Guillet <6997681+maximeguillet@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: added session tag capability to assume role
modified apis/externalsecrets/v1beta1/secretstore_aws_types.go to expect session tags and transitive tags structs
modified pkg/provider/aws/auth/auth.go to pass session tags if they exist
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
* fix: make build errors (JSON serialization error)
modified apis/externalsecrets/v1beta1/secretstore_aws_types.go to include a new custom struct (Tag) used with SessionTags instead of []*sts.Tag
modified pkg/provider/aws/auth/auth.go to convert custom Tag struct to sts.Tag before passing to assume role API call
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
* removed unnecessary commented out code
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
* chore(deps): bump actions/setup-python from 4.6.0 to 4.6.1 (#2366)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.6.0...v4.6.1)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
* 📚 Update stability-support.md (#2363)
Staring 0.82, IBM Cloud Secrets Manager supports fetching secrets by name as well as ID.
Signed-off-by: Idan Adar <iadar@il.ibm.com>
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
* feat: ran make reviewable tasks (except for docs)
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
* refractor: made addition of TransitiveTagKeys to setAssumeRoleOptions dependant to presence of SessionTags. So if user includes Transitive Tags in SecretStore definition without Session Tags, tags get ignored
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
---------
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Idan Adar <iadar@il.ibm.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Idan Adar <iadar@il.ibm.com>
* chore: update dependencies
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* chore: get rid of argo dependency to be independent of their k8s
versioning
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* update documentation
Signed-off-by: Luke Arntz <luke@blue42.net>
* default to GetParametersByPathWithContext
Add GetParametersByPathWithContext. To maintain backward compatibility moved the original `findByname` function to `fallbackFindByName` and created a new `findByName` function that uses the `GetParametersByPathWithContext` API call.
In function `findByName`, if we receive an `AccessDeniedException` when calling GetParametersByPathWithContext `return pm.fallbackFindByName(ctx, ref)`.
Signed-off-by: Luke Arntz <luke@blue42.net>
* feat: notify users about ssm permission improvements
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: get parameters recursively and decrypt them
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Luke Arntz <luke@blue42.net>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
