1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-15 17:51:01 +00:00
Commit graph

19 commits

Author SHA1 Message Date
Mathew Wicks
73bff05bf2
fix: use cache when retrieving generators (#4153)
* fix: use cache when retrieving generators

Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com>

* fix longstanding schema issues

Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com>

---------

Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-11-28 09:28:21 +01:00
Gergely Brautigam
fb9526f38a
feat: implement a cluster-wide generator (#4140)
* feat: implement a cluster-wide generator

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* remove unneeded function

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* check diff run output

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* alternative implementation of the Generator approach using specs only

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* refactor the extracting code

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* slight modification to the naming of the spec from generatorSpec to simply generator

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* write a unit test for the generator and register it in the scheme

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* add documentation for the cluster generator

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-11-26 15:32:26 +01:00
Alex Samorukov
ebbc3a0e27
Add ability to use RetrySettings in the VaultDynamicSecret generator (#4076)
Signed-off-by: Oleksij Samorukov <samm@net-art.cz>
2024-11-07 07:58:23 +01:00
Gergely Brautigam
d4d4f4bc4b
feat: add AWS STS Session token generator (#4041)
* feat: add AWS STS Session token generator

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* version update for the generated CRD

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-11-05 13:22:00 +01:00
Konradas Bunikis
c51ad8d98f
feat: Support repositories and permissions in GitHub generator (#4039)
* feat: Support repositories and permissions in GitHub generator

Signed-off-by: konradasb <konradasb0@gmail.com>

* fix: Correct typo ommited->omitted

Signed-off-by: konradasb <konradasb0@gmail.com>

* fix: Optimize http req body

Signed-off-by: konradasb <konradasb0@gmail.com>

* fix: Optimize body var usage

Signed-off-by: konradasb <konradasb0@gmail.com>

* fix: Correct typo marshalling->marshaling

Signed-off-by: konradasb <konradasb0@gmail.com>

---------

Signed-off-by: konradasb <konradasb0@gmail.com>
2024-10-28 12:02:06 +01:00
Gabi Davar
7f5e8fa9ce
Make CRD categories useful (#3929)
* Make CRD categories useful

* one category for all ES objects.
* one only for generators
* add missing controller label on CRDs
* fix UUID description (was referring to password)

Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>

* missing update

Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>

---------

Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
2024-09-25 09:45:07 +02:00
Gergely Brautigam
e2a8750f44
fix: update uuids.generator shortname (#3883)
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-09-09 08:42:10 +02:00
Alexander Schaber
f73187dabb
New Generator for UUIDs (#3296)
* feat(generator/uuid): initial version

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>

* fix(generator/uuid): rename symbols in compliance with lint

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>

* fix(generator/uuid): rename unused vars to `_` to fix lint

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>

* docs(generator/uuid): initial documentation for uuid generator

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>

---------

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
2024-09-08 19:54:47 +02:00
Idan Adar
e13e09413e
Fix typo privatKey in multiple files (#3578)
* Update generators.external-secrets.io_githubaccesstokens.yaml

Fixes https://github.com/external-secrets/external-secrets/issues/3556

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update generator_github.go

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update github.go

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update generator-github.yaml

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* Update github_test.go

Signed-off-by: Idan Adar <iadar@il.ibm.com>

* fix: rename property

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Idan Adar <iadar@il.ibm.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-17 11:12:03 +02:00
Tsubasa Nagasawa
199c9103db
feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache (#3588)
* feat: Add component labels to custom resource definitions

Prerequisite for restricting the CRDs cached by Informer

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>

* feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache

The certcontroller watches CRDs and Webhook configurations, and
manages CA certificates for conversion webhooks of CRDs and Webhook
configurations. Some clusters have a large number of CRDs and Webhook
configurations installed. Additionally, some CRDs have large object sizes.
Currently, the certcontroller holds all CRDs and Webhook configurations
in the Informer cache. Since this includes CRDs not managed by the
certcontroller for CA certificates, memory usage tends to be high.
This PR adds a label to the CRDs and configures the Informer cache to hold
only the CRDs and Webhook configurations restricted by the label selector.
It assumes that the CRDs have a label. Depending on how the External Secrets
Operator is managed, it may be possible to update the External Secrets
Operator without updating the CRDs, so as a precaution, it can be turned
on/off via a startup option. It is disabled by default.

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>

---------

Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
2024-06-16 12:52:10 +02:00
Michael Serchenia
84731616f4
GitHub provider (supersedes #3014) (#3115)
* github provider signed, supersedes #3014

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* tests pass, + crd + docs

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* fix sonarLint alert

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* refactoring, replace secretStore with generator

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* cosmetics + tst + lint pass

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* docs

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* clean-up + lint + test

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* small refactor, fix issues left in comments

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

---------

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
2024-04-03 09:19:57 +02:00
Gustavo Fernandes de Carvalho
1cf8f68276
Implements Webhook Generator (#3121)
* adding webhook generators

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* bumping bundle

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* linting

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* fixing copy-paste error

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* common webhook functions

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* removing duplicates. Adding tests for generator

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* docs

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

---------

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-02-17 06:49:31 -03:00
Lakhan Jindam
325f36e47d
add validations for the remaining enum values (#2860)
* add validations for the remaining enum values

Signed-off-by: lakhan jindam <lakhanj569@gmail.com>

* generate crd configs using make reviewable cmd and address review comments

Signed-off-by: lakhan jindam <lakhanj569@gmail.com>

---------

Signed-off-by: lakhan jindam <lakhanj569@gmail.com>
2023-11-18 19:55:39 -03:00
Thomas
a15b146165
fix: add missing omitempty json tags for optional fields (#2855)
The missing tags can confuse some tools.

Fixes: #2853

Signed-off-by: Thomas Way <thomas@6f.io>
2023-11-06 21:54:44 +01:00
Moritz Johner
97df83b518
chore: bump dependencies (#2654)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-08-28 11:50:46 +02:00
Moritz Johner
593eb13999
feat: allow to get auth data from vault response (#2325)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-22 10:00:41 +02:00
Saumya Shovan Roy (Deep)
08bb2291fe
feat: add controller class on VaultDynamicSecret resources (#2287)
* feat: add generator for vaultdynamicsecret

* Added controllerClass on VaultDynamicSecret

* Added controllerClass on VaultDynamicSecret

Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>

* Fixed lint

Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>

* Fixed hack bash

Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>

* feat: Implemented generator controller class support

- Controller class support in VaultDynamicSecret
- Controller class support in Fake

Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>

* feat: Implemented Generator controller class check

Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>

* feat: Implemented Generator controller class check

Signed-off-by: rdeepc <dpr0413@gmail.com>

* feat: Implemented Generator controller class check

Signed-off-by: rdeepc <dpr0413@gmail.com>

* feat: hoist controller class check to the top

The generator controller class check should be at the very top of the
reconcile function just like the other secretStore class check.

Otherwise we would return an error and as a result set the status field on the es
resource - which is undesirable. The controller should completely
ignore the resource instead.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>
Signed-off-by: rdeepc <dpr0413@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Frederic Mereu <frederic.mereu@gaming1.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-16 08:59:26 +02:00
Kristián Leško
1eca34c94d
feat: Vault dynamic secrets Generator (#2074)
* feat: Vault dynamic secrets Generator

Signed-off-by: Kristián Leško <kristian.lesko@gooddata.com>

* Update pkg/provider/vault/vault.go

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* feat: Vault dynamic secrets Generator

Signed-off-by: Kristián Leško <kristian.lesko@gooddata.com>

* Update pkg/provider/vault/vault.go

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* fix: linter

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Kristián Leško <kristian.lesko@gooddata.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-03-13 16:31:10 +01:00
Moritz Johner
dabfa5a589
Feature: initial generator implementation + Github Actions OIDC/AWS (#1539)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2022-10-29 20:15:50 +02:00