mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity
3177 commits 135 branches 173 tags 201 MiB
Commit graph

864 commits

Author SHA1 Message Date
Gustavo Fernandes de Carvalho
0cb799b5cf
Feature/push secret (#1315) 
Introduces Push Secret feature with implementations for the following providers:

* GCP Secret Manager
* AWS Secrets Manager
* AWS Parameter Store
* Hashicorp Vault KV

Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
 2022-11-29 16:04:46 -03:00
Dominik Zeiger
117e93b4ed
gitlab: small documentation updates (#1747) 
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
 2022-11-24 20:50:35 +01:00
Steven Bressey
b5be79de98
Feature: Add secret metadata templating from secret values (#1740) 
* handle template data for secret labels & annotations

Signed-off-by: Steven Bressey <steven.bressey@artifakt.io>
 2022-11-23 22:29:59 +01:00
Dominik Zeiger
b7100e27a0
gitlab: support "environment_scope" tag for findAll (#1732) 
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
 2022-11-23 22:22:35 +01:00
Dominik Zeiger
f38f40a2b4
gitlab: support for CI/CD group variables (#1692) 
* gitlab: support for ci/cd group variables

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* gitlab: support for ci/cd group variables (automatically discover project groups)

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* gitlab: support for ci/cd group variables (documentation)

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
 2022-11-21 22:26:34 +01:00
Gustavo Fernandes de Carvalho
bd4495814b
🧹Bumping versions (#1708) 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
 2022-11-09 17:44:07 -03:00
Dominik Zeiger
6ec0d2cd95
gitlab: getAllSecrets (#1681) 
* gitlab: getAllSecrets

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* Update pkg/provider/gitlab/gitlab.go

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Dominik Zeiger <domizei385@users.noreply.github.com>
Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

* gitlab: added some test coverage

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
Signed-off-by: Dominik Zeiger <domizei385@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
 2022-11-01 15:09:36 -03:00
Gustavo Fernandes de Carvalho
d1fa28532d
🧹 chore: bumping versions (#1688) 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
 2022-10-31 06:54:52 -03:00
Moritz Johner
dabfa5a589
Feature: initial generator implementation + Github Actions OIDC/AWS (#1539) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
 2022-10-29 20:15:50 +02:00
Moritz Johner
411f03ffe1
fix: allow controller to delete delete externalsecrets (#1670) 
When using ClusterExternalSecret the controller needs to delete
external-secret resources

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-10-26 23:23:15 +02:00
Gustavo Fernandes de Carvalho
d5cc8b3de5
🐛 Implements new buildPath logic (#1636) 
Signed-off-by: Gustavo <gusfcarvalho@gmail.com>
 2022-10-26 15:19:25 -03:00
Martin Schimandl
6ca30a762a
Implement oracle validator (#1592) 
* Implement oracle validator

Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com>

* Add more granular OCI error handling

Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com>

* Remove two newlines the linter does not like

Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com>

Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com>
 2022-10-25 23:32:40 +02:00
Yannay Hammer
14f5ddf198
Added namespace condition to ClusterSecretStore (#1635) 
* Added namespace condition to ClusterSecretStore

Signed-off-by: Yannay Hammer <yannayha@gmail.com>

* Added the new conditions field to the docs

Signed-off-by: Yannay Hammer <yannayha@gmail.com>

* Added tests to ClusterSecretStore namespace conditions

Signed-off-by: Yannay Hammer <yannayha@gmail.com>

* Added some comments to explain tests better

Signed-off-by: Yannay Hammer <yannayha@gmail.com>

* Fixed a testcase

Signed-off-by: Yannay Hammer <yannayha@gmail.com>

* Increased golangci timeout to 10m

Signed-off-by: Yannay Hammer <yannayha@gmail.com>

* Fixed test to use fakeProvider correctly

Signed-off-by: Yannay Hammer <yannayha@gmail.com>

* Removed hardcoded timeout from make lint

Signed-off-by: Yannay Hammer <yannayha@gmail.com>

* Improved error message on non matching namespace

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Yannay Hammer <yannayha@gmail.com>

* Modified testCase to use GenericStore interface

Signed-off-by: Yannay Hammer <yannayha@gmail.com>

* Attempt at generalizing the testcase and reducing code duplication

Signed-off-by: Yannay Hammer <yannayha@gmail.com>

* Reduced some diff

Signed-off-by: Yannay Hammer <yannayha@gmail.com>

* fix: tidy e2e mod

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Yannay Hammer <yannayha@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Docs <docs@external-secrets.io>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-10-17 16:40:18 +02:00
dependabot[bot]
27d0cd72f5
chore(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0 (#1547) 
* chore(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.12.3 to 0.13.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.12.3...v0.13.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: remove dependency on crossplane-runtime/pkg/test

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-10-13 20:24:56 +02:00
Eng Zer Jun
0c9efa67b0
test: use T.Setenv to set env vars in tests (#1611) 
This commit replaces `os.Setenv` with `t.Setenv` in tests. The
environment variable is automatically restored to its original value
when the test and all its subtests complete.

Reference: https://pkg.go.dev/testing#T.Setenv
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2022-10-06 22:05:42 +02:00
Nic Eggert
773956f5d3
Add optional caching for Vault clients, including token re-use. (#1537) 
The new functionality is controlled using the newly-introduced
--experimental-enable-vault-token-cache and
--experimental-vault-token-cache-size command-line flags.

Signed-off-by: NicEggert <nicholas.eggert@target.com>
 2022-09-30 20:41:36 +02:00
Dominik Zeiger
fa38fe1e60
enable configuration of environment_scope for gitlab provider (#1565) 
* enable configuration of environment_scope for gitlab provider

Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>
 2022-09-27 22:08:38 +02:00
Ryan Blunden
f01e13f21b
Add Doppler provider (#1573) 
* Add Doppler provider

Signed-off-by: Ryan Blunden <ryan.blunden@doppler.com>
 2022-09-23 22:47:25 +02:00
Sebastián Gómez
cef547e473
fix: unmarshal JSON error when empty secrets in Vault (#1512) 
Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>
 2022-09-14 22:26:10 +02:00
Rhaenys
7397243ca0
New Duration Metric (#1533) 
Signed-off-by: Cristina DE DIOS GONZALEZ <cristina.dedios@amadeus.com>
 2022-09-12 19:19:45 +02:00
Moritz Johner
af367e9933
chore: refactor provider (#1529) 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-09-12 14:55:46 +02:00
renanaAkeyless
ed59520674
added akeyless k8s auth option (#1531) 
* added akeyless k8s auth option

Signed-off-by: Docs <renana@akeyless.io>
 2022-09-11 13:25:29 +02:00
Moritz Johner
ed0ceb8d84
fix: aws parameter store json decode, bump go 1.19 (#1525) 
* fix: parameter store should decode complex json values

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-09-06 19:46:36 +02:00
Marcel Hoyer
17ece4df8f
flip order of err and nil secret variable check in listSecrets() function of vault provider (#1504) 
Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>
 2022-08-31 14:35:42 +02:00
dependabot[bot]
67fedc840e
Kubernetes v1.24 upgrade (#1345) 
* build(deps): bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.3

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.11.2 to 0.12.3.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.12.3)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* feat: bump kubernetes 1.24

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: backwards-compatible vault implementation

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: add audiences field to serviceAccountRef

This will be used by aws, azure, gcp, kubernetes & vault providers
in combination with TokenRequest API: it will _append_ audience claims
to provider-specific audiences.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: refactor kubernetes client to match provider/client interfaces

the kubernetes provider mixed up provider and client interfaces which
made it really hard to reason about. This commit separates into two
structs, each implements one interface.
The client struct fields have been renamed and annotated so their use
and scope is clear.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: deprecate expirationSeconds

expirationSeconds is not needed because we generate a
service account token on the fly for a single use.
There will be no replacement for this.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: rename token fetch audiences field

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: generate CRDs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-08-19 17:32:06 +02:00
Moritz Johner
2d20b5488e
feat: add azkv.environmentType (#1469) 
users of USGovCloud, ChinaCloud, GermanCloud need slightly different
configuration for AADEndpoint and keyvault resource.

This is based on CSI Secret Store Azure KV driver,

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-08-18 00:12:44 +02:00
Moritz Johner
8e245f6073
fix: remove convertKeys from aws providers (#1470) 
ConvertKeys is called in the external secrets controller
which takes care of mapping the keys.
Calling it before returning the data is a bug as it
interferes with the new rewrite feature.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-08-17 15:36:02 +02:00
stephen-dexda
e64acea549
fix: AWS attr. dot check off-by-one error (#1459) 
* Fix off-by-one in check for dot in JSON attr. name

Signed-off-by: stephen-dexda <stephen@dexda.io>
 2022-08-15 21:44:32 +02:00
dependabot[bot]
bf21843eba
⬆️github.com/akeylesslabs/akeyless-go/v2 from 2.16.8 to 2.17.0 (#1438) 
* Bump github.com/akeylesslabs/akeyless-go/v2 from 2.16.8 to 2.17.0

Bumps [github.com/akeylesslabs/akeyless-go/v2](https://github.com/akeylesslabs/akeyless-go) from 2.16.8 to 2.17.0.
- [Release notes](https://github.com/akeylesslabs/akeyless-go/releases)
- [Changelog](https://github.com/akeylesslabs/akeyless-go/blob/master/docs/KmipRenewServerCertificate.md)
- [Commits](https://github.com/akeylesslabs/akeyless-go/compare/v2.16.8...v2.17.0)

---
updated-dependencies:
- dependency-name: github.com/akeylesslabs/akeyless-go/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fixing linting issues

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
 2022-08-11 14:32:04 -03:00
Kewei Ma
53443eaadf
Fix provisionedNamespaces in Status field of ClusterExternalSecret keeps getting updated non-stop (#1441) 
Signed-off-by: Kewei Ma <kewei@indeed.com>
 2022-08-09 17:55:34 +02:00
Gustavo Fernandes de Carvalho
b4e7acfaa9
Implements dataFrom key rewrite (#1381) 
* Implements dataFrom key rewrite

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* docs: add example to remove invalid characters

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-08-04 15:24:02 -03:00
Moritz Johner
6593e06561
fix: handle empty conversionStrategy (#1408) 
This is for the case when the conversion webhook does not
set the conversionStrategy properly (it doesn't run the Defaulter).

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-08-01 19:44:09 +02:00
Mike
fdf1f9ce6f
feat: Add support for container auth to IBM provider. (#1177) 2022-07-26 22:48:07 +02:00
david amick
524e33bbeb
🧹Improve 1Password integration and docs (#1340) 2022-07-26 09:07:48 -03:00
Stanislaw Scherban
eb8e614755
retryer implementation to handle throttling exceptions on AWS (#1331) 
* awsretryer implemented for AWS providers
 2022-07-19 20:00:46 +02:00
Gustavo Fernandes de Carvalho
fa91ba0f6c
Adds DecodingStrategy to ExternalSecrets (#1294) 
Fixes #920

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-07-12 09:18:00 -03:00
paul-the-alien[bot]
c42c48911e
Merge pull request #1283 from external-secrets/mj-fix-aws-token-aud 
fix: respect aud annotation at IRSA
 2022-06-22 14:17:48 +00:00
paul-the-alien[bot]
240b8db4f0
Merge pull request #1244 from albertollamaso/reuse-aws-session 
Once the AWS session is created first time, it can be reused
 2022-06-22 13:20:37 +00:00
Alberto Llamas
e31a408e1d update 2022-06-22 07:24:26 +02:00
Moritz Johner
8f85e53f17 fix: respect aud annotation at IRSA 2022-06-21 23:33:24 +02:00
Alberto Llamas
629d2f391c fix 2022-06-21 12:14:36 +02:00
Alberto Llamas
5ec222dfd0 update 2022-06-21 11:52:01 +02:00
Alberto Llamas
c3335907ac Fix recommendations from go-lint 2022-06-18 13:05:47 +02:00
Alberto Llamas
ad63b74c9f Reuse AWS session as feature gate that a user has to opt-in in order to use it 2022-06-18 10:54:47 +02:00
paul-the-alien[bot]
94024a144b
Merge pull request #1257 from external-secrets/bug-1137 
Azure KeyVault decoding bugs
 2022-06-15 21:20:44 +00:00
Moritz Johner
cff9be1664
feat(kubernetes): allow service account auth (#1201) 
* feat(kubernetes): allow service account auth

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-06-13 21:49:05 +02:00
Alberto Llamas
909d137a83 Removing newlines 2022-06-13 20:36:58 +02:00
Alberto Llamas
cb6f66b5ac Fix aws session logic 2022-06-13 20:24:25 +02:00
Sebastián Gómez
9bc7eb1436 Remove codesmell 2022-06-13 11:56:38 -04:00
Sebastián Gómez
4ae98fc995 Removed code smell and simplified use of tags 2022-06-13 11:40:01 -04:00
Sebastián Gómez
65e93fa992 Code refactoring 2022-06-13 09:28:11 -04:00
Sebastián Gómez
aed1719697 Lint fixes 2022-06-13 09:27:54 -04:00
paul-the-alien[bot]
e4fbc633a1
Merge pull request #1254 from marcincuber/feat/yaml 
Adding toYaml fromYaml helper functions
 2022-06-11 12:19:50 +00:00
marcincuber
c8f13a0e1a fix test 2022-06-11 12:15:13 +01:00
marcincuber
a1e7862698 add tests 2022-06-11 11:15:06 +01:00
Sebastián Gómez
7714c29c87 Merge branch 'main' into bug-1137 2022-06-10 17:09:03 -04:00
Sebastián Gómez
b4dcffbf86 Fix cases with properties and json 2022-06-10 17:07:42 -04:00
Rhaenys
f005cc0346
azkv more unittest coverage (#1149) 2022-06-10 22:09:59 +02:00
marcincuber
5fe3b2d810 lint 2022-06-10 11:09:46 +01:00
marcincuber
efc8ede754 add yaml helper functions 2022-06-10 11:04:59 +01:00
Alberto Llamas
d64941ece9 Once the AWS session is created first time, it can be reused 2022-06-07 10:25:30 +02:00
paul-the-alien[bot]
94aa568929
Merge pull request #1173 from external-secrets/dependabot/go_modules/github.com/1Password/connect-sdk-go-1.4.0 
build(deps): bump github.com/1Password/connect-sdk-go from 1.2.0 to 1.4.0
 2022-06-07 08:19:24 +00:00
Docs
cc1043d3a6
Update fakes to implement client for 1Password/connect-sdk-go v1.4.0 2022-06-01 16:38:41 -07:00
Gustavo Carvalho
e6f050e873 make sure we check if it is referent during NewClient 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-06-01 13:15:36 -03:00
Gustavo Carvalho
a01a23bfc1 fixing panic if using JWT with KubernetesServiceAccountToken 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-05-31 11:40:00 -03:00
Sebastián Gómez
c5909fb966 Fix the first case, nested json. Test was also added 2022-05-30 11:05:20 -04:00
Moritz Johner
8c14f8aff0 fix: loosen validation to enable referent auth. 
also adding tests for vault. this is the only provider that supports
that as of now.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-05-23 20:10:16 +02:00
Moritz Johner
d4e9a56c21
fix: correctly convert matchExpressions to labelSelector (#1165) 
Fixes #1155

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-05-23 10:48:54 +02:00
Nitzan Nissim
97126d9798
Add support for IBM Secrets Manager's Private Certificate (#1160) 
* Use gsed on macos.

Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com>

* Add private_cert support

* Add private_cert support

Co-authored-by: Marcin Kubica <marcin.kubica@engineerbetter.com>
 2022-05-21 22:53:31 +02:00
paul-the-alien[bot]
1a6579b876
Merge pull request #1062 from dreadful-dragon/feature/azkv-tags-sync 
azkv tag feature
 2022-05-20 15:51:50 +00:00
paul-the-alien[bot]
3de2cc8bee
Merge pull request #1040 from AndreyZamyslov/yandex-certificate-manager 
Support for Yandex Certificate Manager
 2022-05-17 16:48:58 +00:00
Cristina DE DIOS GONZÁLEZ
3256bc4b82 azkv tag feature 2022-05-16 16:49:34 +02:00
paul-the-alien[bot]
49f4bad35d
Merge pull request #1108 from hydeenoble/provider/alibaba 
Implemented ValidateStore function for Alibaba Provider
 2022-05-13 22:21:03 +00:00
Docs
f4f2170502 "GetAllSecrets not implemented" -> "GetAllSecrets not supported" 2022-05-13 13:10:56 +03:00
Matt Demers
b004894b77 Add support for referencing secrets manager secrets by their VersionId 2022-05-11 16:30:30 -04:00
paul-the-alien[bot]
73a467479d
Merge pull request #1006 from Simspace/1Password 
Add 1Password support
 2022-05-09 19:55:56 +00:00
paul-the-alien[bot]
ff7e9f90f3
Merge pull request #1083 from external-secrets/beach-team 
Implement ValidateStore for Gitlab and Oracle providers
 2022-05-09 09:18:47 +00:00
david amick
435aefc7ac
Add 1Password support 2022-05-08 17:01:26 -07:00
Idowu Emehinola
ec7ae4f6df Implemented ValidateStore function for Alibaba Providergofmt 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-07 14:22:07 +02:00
Idowu Emehinola
65b92cd893 Merge branch 'main' of github.com:external-secrets/external-secrets into provider/alibaba 2022-05-06 18:56:27 +02:00
Idowu Emehinola
28a7299c8b Implemented ValidateStore function for Alibaba Provider 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-06 18:56:19 +02:00
Gustavo Carvalho
61b7c2a671 fix: fixed failing unit test 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-05-06 13:22:14 -03:00
Marcin Kubica
71a36c471e
Fix: final fixes for both tests. 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
 2022-05-06 16:59:59 +01:00
Marcin Kubica
97b977f58d
Refactor gitlab test 
Signed-off-by: William Young <will.young@engineerbetter.com>
 2022-05-06 15:01:15 +01:00
Idowu Emehinola
1f40329385 Updated validation for akeyless to catch invalid URLs and emtpy accessID name and keys 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-06 14:45:31 +02:00
Idowu Emehinola
90c7262c65 gofmt-ed files 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-06 13:44:38 +02:00
Idowu Emehinola
022f5aaf6f Updated validation for akeyless to catch invalid URLs and emtpy accessID name and keys 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-06 13:41:01 +02:00
Idowu Emehinola
3e3120669d Updated validation for akeyless to catch invalid URLs and emtpy accessID name and keys 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-06 13:27:55 +02:00
Idowu Emehinola
797e8614ed fix lint issues it PR 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-06 13:22:33 +02:00
Idowu Emehinola
fd3306d7be Updated validation for akeyless to catch invalid URLs and emtpy accessID name and keys 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-06 13:19:03 +02:00
William Young
8ca73aff47
Feat: Added and refactored accessToken validation 
Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com>
 2022-05-06 12:06:14 +01:00
William Young
5145302f6b
Feat: Added access key test validation 2022-05-06 11:55:27 +01:00
Gustavo Carvalho
3cc5ab1ec5 Merge branch 'validate-store-oracle' into beach-team 2022-05-06 06:52:47 -03:00
Gustavo Carvalho
f813f8634a Fixed SonarCloud code Smells 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
 2022-05-06 06:49:24 -03:00
Idowu Emehinola
124d7efdf2 Troubleshooting failed CI 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-05 23:36:33 +02:00
Idowu Emehinola
88fe6dd479 Troubleshooting failed CI 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-05 23:25:54 +02:00
Idowu Emehinola
8728f63a36 Troubleshooting failed CI 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-05 23:22:20 +02:00
Idowu Emehinola
564d509a16 make fmt 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-05 23:02:32 +02:00
Idowu Emehinola
e86ffac960 Implemented function for Akeyless provider 
Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>
 2022-05-05 22:52:42 +02:00
Marcin Kubica
c65dbf6ce2
Fix: linter 2022-05-05 16:52:23 +01:00
Marcin Kubica
c0a305f04b
Completed tests for Oracle ValidateStore 2022-05-05 16:29:29 +01:00
William Young
b0719d2f54
Tests: Finished refactoring tests to table tests 
Signed-off-by: Dominic Meddick <dom.meddick@engineerbetter.com>
 2022-05-05 14:31:18 +01:00
Gustavo Carvalho
ad76205264 WIP: Implementing Table tests for ValidateStore 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
 2022-05-05 09:01:09 -03:00
Gustavo Carvalho
b3bfd97252 Added Fingerprint validation for Oracle Provider 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com>
 2022-05-05 08:49:35 -03:00
William Young
c395dc15bf
Feat: Added oracle privatekey validation 2022-05-05 12:21:15 +01:00
Marcin Kubica
326c27a730
continue with ValidateStore for Oracle 2022-05-04 17:58:16 +01:00
Marcin Kubica
55c8626e74
start adding ValidateStore for Oracle 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@engineerbetter.com>
 2022-05-04 16:39:42 +01:00
William Young
10646af425
Minor lint change 2022-05-04 11:33:19 +01:00
William Young
0ec20ce1b1
Merge branch 'gitlab-validation' into beach-team 2022-05-04 11:22:09 +01:00
William Young
8744a24817
Feat: validation for porjectID 2022-05-04 11:13:13 +01:00
William Young
75e1cd14ed
Fix lint 2022-05-03 18:00:17 +01:00
William Young
35610a5a39
Feat: ValidateStore for GitLab provider 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-05-03 17:33:26 +01:00
paul-the-alien[bot]
9838d44bae
Merge pull request #1075 from lfraga/feat/provider-senhasegura-dsm 
Add senhasegura DevOps Secrets Management (DSM) provider
 2022-05-03 12:57:59 +00:00
Jason Hancock
3f9d6b07fc vault provider: avoid panics if secret not found in vault 2022-05-02 11:01:20 -07:00
Docs
c73206b29c Add senhasegura DSM provider 2022-05-02 13:28:18 -03:00
Docs
1a0fbbf4cd add support for Yandex Certificate Manager 2022-04-28 18:45:26 +03:00
auyer
e19408fd84 Adds string replacement usage and test in Template 2022-04-27 16:52:41 -03:00
Romain DARY
d424b6ff70 chore: improve external secret reconciliation sequence 
Secret client is created only if we are going to refresh
this skip an unnecessary check/request in the case we are not going to do anything
 2022-04-27 12:34:48 +02:00
Docs
7cfbadae9c add support for Yandex Certificate Manager (linter errors) 2022-04-22 23:31:40 +03:00
Docs
9c2e1a692b add support for Yandex Certificate Manager (linter errors) 2022-04-22 22:49:13 +03:00
Docs
b1f3391022 add support for Yandex Certificate Manager (linter errors) 2022-04-22 22:21:43 +03:00
Docs
dc7df48cae add support for Yandex Certificate Manager 2022-04-22 21:40:52 +03:00
Docs
61c4579ef5 refactor Yandex Lockbox provider 2022-04-22 21:23:40 +03:00
Docs
b8370897f0
Update docs from v1alpha to v1beta1, fix typos 2022-04-18 12:15:39 -07:00
Gustavo Carvalho
6a67f5c435 Checking if condition is not nil before using it. 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-18 08:19:47 -03:00
Merlin
4820cc9165 Ignore ExternalSecret processing if the store is not usuable (e.g. 
NotReady).
 2022-04-13 23:24:39 +02:00
paul-the-alien[bot]
84af221762
Merge pull request #959 from external-secrets/chore/refactor-vault 
Chore/refactor vault
 2022-04-13 13:02:14 +00:00
Gustavo Carvalho
4fcf272ce0 Refactoring vault provider. Removing RawRequest in favor of Logical 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-13 07:13:25 -03:00
paul-the-alien[bot]
1d70e03b05
Merge pull request #981 from external-secrets/dependabot/go_modules/github.com/aws/aws-sdk-go-1.43.36 
build(deps): bump github.com/aws/aws-sdk-go from 1.41.13 to 1.43.36
 2022-04-12 05:42:18 +00:00
Corey Hinkle
fae1f80e0c
Implement validate for gitlab provider 2022-04-11 16:24:17 -04:00
Docs
db48b12d08 fix: migrate to new api 2022-04-11 14:15:33 +02:00
Pedro Carmezim
be893b1d51 fix 4sec timeout on Validate() method to 15sec 2022-04-11 12:43:58 +01:00
Pedro Carmezim
8dd947f9ba
Merge branch 'external-secrets:main' into feature/validate-gitlab-provider 2022-04-11 12:35:13 +01:00
paul-the-alien[bot]
6d2614e3fa
Merge pull request #968 from external-secrets/fix/creation-policy-merge-behavior 
Adding owner reference to the external secret name.
 2022-04-08 15:59:17 +00:00
Gustavo Carvalho
4d2dc2c34c Adding owner reference to the external secret name, instead of to a generic 'external-secrets' name 
Fixes #918

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-08 10:42:18 -03:00
paul-the-alien[bot]
0c8851c541
Merge pull request #966 from external-secrets/fix/aws-keys-with-dot 
Fixes gjson behavior for aws SecretsManager and ParameterStore
 2022-04-07 16:17:29 +00:00
Pedro Carmezim
3da29b1626
Merge branch 'external-secrets:main' into feature/validate-gitlab-provider 2022-04-07 16:07:16 +01:00
Pedro Carmezim
1f07096404 add coonection Close, add default port on Network Validate 2022-04-07 16:05:21 +01:00
Pedro Carmezim
33d794e3b2 add Utility method to validate Network Connection, add Validate method for akeyless,alibaba,gitlab and webhook 2022-04-07 15:35:22 +01:00
Docs
f73c8be5af chore: force interface validation 2022-04-07 14:29:44 +02:00
Gustavo Carvalho
00219dbd3c Fixes gjson behavior for aws SecretsManager and ParameterStore 
Fixes #963

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-07 09:13:32 -03:00
paul-the-alien[bot]
4cbf1b8742
Merge pull request #946 from external-secrets/feat/gcp-getall 
feat: gcp getall implementaion
 2022-04-07 10:36:08 +00:00
paul-the-alien[bot]
ef933a03fd
Merge pull request #949 from merlindorin/feat/improve-retry 
Delegate retry to the controller
 2022-04-06 19:57:38 +00:00
Docs
f5293c58be docs: starts with filter comment 2022-04-06 19:13:27 +02:00
Merlin
abec2a64cc Delegate Vault retries to the controller 2022-04-06 18:53:45 +02:00
Docs
5ab6ec4e27 fix: check if path is actualy at the start 2022-04-06 18:47:49 +02:00
Docs
eddca9936c fix: don't trim path from key 2022-04-06 18:29:27 +02:00
Docs
2c246c6d56 feat: gcp getall implementaion 2022-04-06 18:29:27 +02:00
Alfred Krohmer
8c09853343
fix: error message for Vault store validation of Auth.Jwt.KubernetesServiceAccountToken 2022-04-06 13:22:38 +02:00
Gustavo Carvalho
77ace228b5 Removing Path trimming from hashicorp Vault 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-06 06:41:52 -03:00
Gustavo Carvalho
e2060fd6d9 GCP: Adds checks to see if a key name exists before trying to load a nested value. 
Fixes #941

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-05 10:52:47 -03:00
Moritz Johner
c2bcceb057
feat: implement deletionPolicy (#900) 
* feat: implement deletionPolicy

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gustavo.carvalho@container-solutions.com>
 2022-04-05 13:38:06 +02:00
paul-the-alien[bot]
fa72948026
Merge pull request #934 from merlindorin/fix/retry-on-error 
fix: use controller-runtime internal backoff retry
 2022-04-05 11:20:08 +00:00
Docs
1158a29591 fix lint errors 2022-04-04 21:22:13 -03:00
Docs
585509a454 Adds ValidateSecretSelector 2022-04-04 21:22:13 -03:00
Docs
fb4fcb4d03 Adds ValidateStore testing 2022-04-04 21:21:57 -03:00
Docs
3a1a302ca9 implements ValidateStore method 2022-04-04 21:18:04 -03:00
Alfred Krohmer
d7022b1bef
feat(vault): add option for JWT backend to authenticate with Kubernetes service account token (#768) 2022-04-04 21:20:58 +02:00
Merlin
2d988b9497 fix: use controller-runtime internal backoff retry instead of explicitly ask a fixed retry 2022-04-04 11:22:01 +02:00
paul-the-alien[bot]
8527fe1d13
Merge pull request #896 from burak-yuksel/feature/validate-kubernetes-provider 
Validate for Kubernetes Provider
 2022-03-31 07:20:17 +00:00
Gustavo Fernandes de Carvalho
4ca3cd6636
Merge pull request #870 from haf-tech/ibmcloud-sm-kv2 
Enhance IBM Secrets Manager support with kv secretType
 2022-03-31 04:18:11 -03:00
Burak Yuksel
a88ff1ebcc Merge remote-tracking branch 'origin/main' into feature/validate-kubernetes-provider 2022-03-29 16:46:26 +02:00
Hafid.Haddouti
a29a652837 Fix lint/fmt issues 2022-03-26 12:37:30 +01:00
Hafid.Haddouti
763019d1ff Enhance IBM SM provider for SecretMap 2022-03-26 12:28:26 +01:00
Sebastián Gómez
b1a240db6f Fixed lint issue 2022-03-25 16:48:08 -04:00
Sebastián Gómez
3cfb9ba2c1 Merge from main 2022-03-25 16:32:45 -04:00
Sebastián Gómez
3b6c6ca09a Fixed some masked error and avoided panics 2022-03-25 16:17:18 -04:00
paul-the-alien[bot]
85937c99e7
Merge pull request #800 from kinyat/feat/scoped-rbac 
Add the ability to support scoped RBAC with a scoped namespace
 2022-03-25 16:05:30 +00:00
Burak Yuksel
b766dd226d For failing SonarCloud tests 2022-03-25 15:40:58 +01:00
Burak Yuksel
2f1a5b8ee7 For failing tests 2022-03-25 15:35:11 +01:00
Burak Yuksel
c2e45b0244 Validate for Kubernetes Provider 2022-03-25 15:25:48 +01:00
Hafid.Haddouti
9f67c187ca Fix lint/fmt issues 2022-03-24 20:21:29 +01:00
Hafid.Haddouti
0fcdf2b11b Fix lint issues 2022-03-24 20:10:21 +01:00
Hafid.Haddouti
aed6ec295b Enhance logic support . in key and returning entire payload if no property is set 2022-03-24 20:06:32 +01:00
Moritz Johner
56c69a1063
feature: aws getallsecrets (#820) 
* feature: aws getallsecrets

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: e2e test / find by name

* feat: add get-by-tags tests, consolidate with existing ones

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: add path tests

* fix: revert azure

* fix: secretsmanager prealloc

* feat: aws sm path tests

* feat: implement secretsmanager path filter

* fix: use low refresh interval due to eventual consistency

* revert makefile changes

* fix: add path test cases to managed

Co-authored-by: Docs <docs@external-secrets.io>
 2022-03-24 17:09:32 +01:00
Eric Chan
4055e7d186 refactor and add unit test for skipping cluster secret store 2022-03-24 23:55:06 +10:00
Eric Chan
da6e457b50 skip processing cluster secret store 2022-03-24 23:55:00 +10:00
paul-the-alien[bot]
d27f256ede
Merge pull request #873 from gusfcarvalho/fix/mutex-on-gcp 
Adding mutexes only for GCP provider
 2022-03-24 09:53:43 +00:00
Gustavo Carvalho
bae43b39c4 Adding mutexes only for GCP provider 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-24 06:34:07 -03:00
paul-the-alien[bot]
ed56410b47
Merge pull request #868 from external-secrets/chore/validate-store-for-providers 
Adds ValidateStore for some providers
 2022-03-24 09:29:24 +00:00
Hafid.Haddouti
4bc0b2a12a Merge from main 2022-03-23 19:20:00 +01:00
paul-the-alien[bot]
697c4dcdd6
Merge pull request #849 from ibm-cloud-security/main 
Add public_cert support
 2022-03-23 13:27:55 +00:00
Gustavo Carvalho
5f608594a4 Removing Key checks from utils.go and passing them to IBM provider 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-23 08:06:07 -03:00
Hafid.Haddouti
3b43592cc6 Optimize lint/fmt issues 2022-03-23 07:33:21 +01:00
Moritz Johner
cf7e3832ae
feat(azure): implement workload identity (#738) 
* feat(azure): implement workload identity

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Henning Eggers <henning.eggers@inovex.de>
 2022-03-22 21:59:01 +01:00
Hafid.Haddouti
ff19991e27 Optimize lint/fmt issues 2022-03-22 20:30:55 +01:00
Hafid.Haddouti
106508701a Optimize lint/fmt issues 2022-03-22 20:16:06 +01:00
Hafid.Haddouti
6dd2cc6fe2 Optimize lint/fmt issues 2022-03-22 19:44:46 +01:00
Hafid.Haddouti
97fc95cab5 Optimize lint/fmt issues 2022-03-22 19:24:58 +01:00
Hafid.Haddouti
004e4280b6 Optimize lint/fmt issues 2022-03-22 19:10:43 +01:00
Hafid.Haddouti
e6554fa34b Finalize kv secretType support for IBM Cloud SM. Fix fmt 2022-03-22 18:21:13 +01:00
Hafid.Haddouti
03da4458af Finalize kv secretType support for IBM Cloud SM 2022-03-22 18:01:14 +01:00
Hafid Haddouti
0a5a9d32af After make fmt 2022-03-21 19:43:01 +01:00
Hafid Haddouti
eb88e696ea Remove unused ref 2022-03-21 19:28:29 +01:00
Hafid Haddouti
1bbc02daaf Enhance IBM Secrets Manager support with kv secretType 2022-03-21 19:07:48 +01:00
Gustavo Carvalho
86795c0a5e Adding ValidateStore for IBM provider. Improving util check 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-21 14:54:43 -03:00
Gustavo Carvalho
effbe7ebb8 Adding ValidateStore for fake provider 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-21 14:43:23 -03:00
nitzann
951acdc4bb Add public_cert support 2022-03-20 10:35:17 +02:00
Daniel Hix
324c7def06
feat: implement ClusterExternalSecret (#542) 
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
 2022-03-20 09:32:27 +01:00
Moritz Johner
c1db2b5754 fix: integrate sdk changes 2022-03-18 20:39:15 +01:00
AndreyZamyslov
45449dccc9
Yandex Lockbox Connection Leaks (#835) 
* fix Yandex Lockbox provider connection leaks (https://github.com/external-secrets/external-secrets/issues/833)

* fix Yandex Lockbox provider connection leaks (https://github.com/external-secrets/external-secrets/issues/833)
 2022-03-16 17:58:01 +01:00
paul-the-alien[bot]
fb056cc9b5
Merge pull request #784 from external-secrets/feature/hashivault-getallsecrets 
Implements Hashicorp Vault GetAllSecrets
 2022-03-12 11:19:04 +00:00
Gustavo Carvalho
caf00a43aa Chore: bumping gitlab-go to 0.58.0 
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
 2022-03-10 08:46:17 -03:00
Gustavo Carvalho
b093db366d Fixing lint 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-09 13:58:54 -03:00
Gustavo Carvalho
8be3cd5a72 Moving duplication validation logic to utils method 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-09 13:49:17 -03:00
paul-the-alien[bot]
439ecfaf9d
Merge pull request #783 from AtzeDeVries/allow-gcp-cross-project-secrets 
GCP: allow cluster to be in different project
 2022-03-09 10:03:20 +00:00
Gustavo Carvalho
164e8776ec Adding docs and implementing ConversionStrategy 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-09 06:59:54 -03:00
Gustavo Carvalho
2f23fd28ed Adding GetAllSecrets for Hashicorp Vault 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-09 05:40:09 -03:00
Gustavo Carvalho
0086fe2342 WIP: GetAllSecrets for vault method 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-03-09 05:39:09 -03:00
Atze de Vries
c560b0ced5 fix lint 2022-03-09 09:26:36 +01:00
Atze de Vries
03fc0e9dc1 use storespec directly in get ClusterProjectID 2022-03-09 08:49:50 +01:00
Sebastián Gómez
b0240cf45a Fix merge conflict 2022-03-07 13:59:58 -05:00
Sebastián Gómez
02a8878707 Implement GetAllSecrets for Azure Key Vault 2022-03-07 13:55:10 -05:00
Atze de Vries
6574697e9e remove unwanted stuff 2022-03-07 12:57:54 +01:00
Atze de Vries
d9f87c296d rework clusterProjectID and add test 2022-03-07 12:56:08 +01:00
Atze de Vries
2f53ab8220 also make optional for v1beta1 and add note to docs 2022-03-03 19:35:38 +01:00
paul-the-alien[bot]
b9de64b967
Merge pull request #750 from external-secrets/feature/validating-webhook 
Feature: validating webhook
 2022-03-02 17:10:56 +00:00
Atze de Vries
da47ad2cac GCP: allow cluster to be in different project 2022-03-02 11:24:04 +01:00
Moritz Johner
8fc4484cc6 feat: implement validating webhook 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-03-01 21:25:15 +01:00
Marc Billow
6de9399126 Fix template fallback logic to handle TemplateFrom syntax 2022-02-23 16:34:50 -06:00
Moritz Johner
fb8f496204 Merge branch 'main' into feature/conversion-webhook 2022-02-23 08:15:03 +01:00
rodrmartinez
045e056719 Fix sonarcloud code smells 2022-02-22 15:55:31 -03:00
rodrmartinez
e887e49436 leaves Validate() method empty for now 2022-02-22 15:46:58 -03:00
rodrmartinez
7c4a17a9c3 Merge branch 'main' into feature/kubernetes-provider 2022-02-17 15:38:45 -03:00
rodrmartinez
86d7710727 changing kubernetes api struct 2022-02-17 14:45:43 -03:00
Gustavo Carvalho
847b95e4fd Merge branch 'main' into feature/conversion-webhook 
Disabled secrets cache for cert controller.

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-17 09:35:20 -03:00
paul-the-alien[bot]
18b4f2be8b
Merge pull request #703 from external-secrets/chore/cleanup-azure-provider 
chore: cleanup az/keyvault provider
 2022-02-17 11:56:00 +00:00
paul-the-alien[bot]
4cca87b6d7
Merge pull request #729 from external-secrets/fix/disable-sec-cm-cache 
feat: avoid caching secrets/configmaps
 2022-02-17 09:15:31 +00:00
Gustavo Carvalho
40ec693479 Merge branch 'main' into feature/conversion-webhook 
Fixed conflicts and implemented necessary changes for v1beta1
 2022-02-16 16:00:32 -03:00
paul-the-alien[bot]
86aedda434
Merge pull request #701 from external-secrets/feature/template-string-interface 
feat: implement template engine v2
 2022-02-16 17:16:24 +00:00
Moritz Johner
899cf72f22 feat: avoid caching secrets/configmaps 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-02-16 14:37:42 +01:00
paul-the-alien[bot]
ff4af57a7b
Merge pull request #727 from external-secrets/fix/vault-key-with-dot 
fix: vault keys should take precedence over gjson
 2022-02-15 18:28:41 +00:00
Moritz Johner
094bcf0332 fix: vault keys should take precedence over gjson 2022-02-15 17:28:14 +01:00
castaneai
3fd3cc0186
Fix the leak in GCPSM when the secret operator cannot find the secret. (#722) 
* fix(gcp): Fix the leak in GCPSM when the secret operator cannot find the secret.

The IAM client has an internal gRPC connection,
but if the secret fetch fails, the goroutine created by the gRPC connection will leak.

Therefore, close the IAM client when the creation of the GCPSM client fails.

* test: fix build error on fakeIAMClient
 2022-02-15 16:54:11 +01:00
Gustavo Carvalho
96cb340ace Implementing Requeue Interval for certController. Fixing unit tests and check-diff 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-14 16:05:17 -03:00
Gustavo Carvalho
1d8cfc4a12 Changed logic of Webhook check for certs. 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-14 15:46:10 -03:00
Gustavo Carvalho
31eedfbb26 Fixing up some code smells 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-14 10:36:12 -03:00
Gustavo Carvalho
1587fa02b1 Improved deployments and crd logic. Added cert-controller reconcile tests 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-14 10:08:27 -03:00
Gustavo Carvalho
3d9e5a9fdb Adding controller tests for cert-controller 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-14 09:01:21 -03:00
Gustavo Carvalho
e776f6d843 WIP: implementing separate deployments 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-13 09:14:41 -03:00
Gustavo Carvalho
ab03bcdcc7 Making reviewable 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-11 15:17:20 -03:00
Gustavo Carvalho
a85e487d1d Added unit tests for crd controller methods. 
Added simple GetAllSecrets logic test
Starting (and failing to) test on controller level

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-11 15:14:14 -03:00
Gustavo Carvalho
024b64fe39 Added Readiness Probe for helm charts. 
Fixed make generate command to not use kubectl
Fixed lint

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-11 08:10:11 -03:00
Moritz Johner
74fca707b3 feat(template): add filterPEM function 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-02-11 08:32:37 +01:00
Moritz Johner
9486dd85dd fix(template): extract multiple certs/keys from PKCS#12 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-02-11 08:26:32 +01:00
Moritz Johner
009b60de19 fix(webhook): use v2 template funcs with webhook provider 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-02-11 08:26:32 +01:00
Moritz Johner
a627e82639 chore: fix smells 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-02-11 08:26:32 +01:00
Moritz Johner
54e68399ec feat: implement template engine v2 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-02-11 08:26:31 +01:00
Gustavo Carvalho
23784803ff Merge branch 'main' into feature/conversion-webhook 
Updated Oracle provider new specs for v1beta1
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-10 16:55:37 -03:00
Gustavo Carvalho
fd9e09a1ee WIP: Structured reconciliation loops for CRDs 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-10 14:12:13 -03:00
paul-the-alien[bot]
027f28ec97
Merge pull request #700 from EladGabay/elad/oci-secret-by-name 
oracle vault: Use instance principal if auth is empty
 2022-02-10 10:34:40 +00:00
rodrmartinez
dc41b40dda Adds linting changes 2022-02-09 17:33:54 -03:00
rodrmartinez
a318978afd Adds setAuth test func 2022-02-09 15:23:03 -03:00
rodrmartinez
da858878d8 refactor setAuth method 2022-02-09 15:22:37 -03:00
Gustavo Carvalho
82ddeb9de5 Merge branch 'main' into feature/conversion-webhook 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-08 16:40:06 -03:00
Gustavo Carvalho
0530385992 v1beta1 initial commit 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-08 14:07:34 -03:00
paul-the-alien[bot]
31efb94b20
Merge pull request #674 from external-secrets/feat/vault-nested-values 
allow nested json in vault
 2022-02-08 15:29:20 +00:00
Moritz Johner
4b5d047934 chore: cleanup az/keyvault provider 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-02-08 13:04:18 +01:00
Moritz Johner
5b8ab034ec feat(vault): marshal nested value as json, add docs 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2022-02-08 08:05:10 +01:00
Elad Gabay
fe416890b1 oracle vault: Use instance principal if auth is empty 
Currently the oracle vault's secretstore uses a specific user credentials.
This commit introduce a new way to access the vault, using the instance principal.

All user's details moved to "auth" section in the OracleProvider which now is optional.
If "auth" is empty, by default, we use the instance principal, otherwise if specified user's auth details, we use them.

In addition:
- Fixed the fingerprint secret reference which until now used the privatekey secret instead of its reference.
- Bump OCI SDK version.
 2022-02-07 18:38:10 +02:00
Lucas Severo Alves
6630ab7494
Initial draft of reporter (#466) 
* Initial draft of reporter

* Test out reporter in AWS provider

* trying out different events approach

* feat: implement store reconciler and events

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: add validate() method to provider interface

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: use static requeue interval in store ctrl

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Co-authored-by: Mircea Cosbuc <mircea.cosbuc@container-solutions.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-02-07 11:42:18 +01:00
Moritz Johner
2ac4053648 feat(vault): allow using nested json 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-02-05 22:11:41 +01:00
Moritz Johner
fe1cb8bc69 feat(provider): implement fake provider 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-02-01 11:18:43 +01:00
Moritz Johner
e015bed08d chore: update k8s / envtest 2022-01-28 19:51:07 +01:00
paul-the-alien[bot]
6f4c03a75d
Merge pull request #645 from external-secrets/fix/delete-secret-using-tpl 
fix: ensure that data is being deleted when using tpl
 2022-01-27 14:49:00 +00:00
Jeroen Op 't Eynde
83afebe9b3
fix(metrics): ensure status_condition metrics reflect the status (#612) 
* fix(metrics): ensure status_condition metrics reflect the status

* lint fixes

* fix(metrics): remove condition=deleted metric (+lint fixes)
 2022-01-27 14:26:09 +01:00
Moritz Johner
e2701fa35a fix: ensure that data is being deleted when using tpl 2022-01-26 20:14:59 +01:00
rodrmartinez
cbd350fef6 Adds lockbox again to register 2022-01-26 15:41:09 -03:00
rodrmartinez
5a766c1995 Adds GetSecret and GetSecretMaps methods 2022-01-26 15:29:14 -03:00
rodrmartinez
8620174449 Adds kubernetes provider to register 2022-01-26 15:28:37 -03:00
paul-the-alien[bot]
5a8df8cb18
Merge pull request #642 from external-secrets/fix/webhook-test-race 
fix: webhook test race
 2022-01-26 18:14:48 +00:00
rodrmartinez
1c5ce19a20 Adds Kubernetes Provider 2022-01-25 17:14:48 -03:00
Moritz Johner
edb2c290f4 fix(gcp): use gax-go v2 package 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-01-25 21:09:33 +01:00
Moritz Johner
ce6f5b1653 fix: webhook test race 2022-01-25 20:45:45 +01:00
paul-the-alien[bot]
0b9c142a22
Merge pull request #618 from external-secrets/feature/aws-e2e-managed 
feat(e2e): implement aws tests, enhance gcp tests
 2022-01-24 10:46:02 +00:00
Moritz Johner
008268ee00 feat(e2e): implement aws tests, enhance gcp tests 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-01-21 23:37:50 +01:00
Marc Ingram
07415bdabf improve test? 2022-01-21 14:01:45 -07:00
Marc Ingram
e93a1716f5 fix format and lint 2022-01-21 13:36:41 -07:00
Marc Ingram
705ffbbd95 Optimise patching so as changes only happen with something changes 2022-01-21 12:36:05 -07:00
Marc Billow
01355b7653 Formatting and linting fixes 2022-01-19 16:28:23 -06:00
Marc Billow
0753da1cbd Support for eventual consistency in Vault Enterprise 2022-01-19 16:25:01 -06:00
Lucas Severo Alves
16948ed572
Merge pull request #596 from EladGabay/elad/oci-secret-by-name 
OCI Vault: Get secret by name from a specific Vault
 2022-01-16 17:20:46 +00:00
Elad Gabay
dbedbedb96 make fmt 2022-01-16 13:30:21 +02:00
Lucas Severo Alves
2bacd30313
Merge pull request #569 from rodrmartinez/oci-patch 
Replace vaults with secrets package to retrieve secrets
 2022-01-16 11:13:50 +00:00
Elad Gabay
cab49e57f7 oracle: Get secret by name from a specific vault 2022-01-16 13:11:46 +02:00
Moritz Johner
27854adaa5 fix: force ownership when merging secrets 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2022-01-14 22:27:27 +01:00
paul-the-alien[bot]
4c6b6a1e84
Merge pull request #525 from HanseMerkur/vault_optional_path 
Optional path for Vault SecretStore
 2022-01-14 19:33:29 +00:00
rodmartinez
90abbdf642 remove byte conversion and add return error 2022-01-14 13:46:16 -03:00
rodmartinez
721086d520 encode apiOutput content 2022-01-14 12:59:59 -03:00
rodmartinez
4373bb2775 Decode base64 payoload 2022-01-14 12:59:59 -03:00
rodmartinez
b962666b1c Remove unused constant, errInvalidSecret 2022-01-14 12:59:59 -03:00
rodmartinez
60454a4760 refactor apiOutput on TestGetSecretMap 2022-01-14 12:59:59 -03:00
rodmartinez
9f98cabe63 complete apiOutput 2022-01-14 12:59:59 -03:00
rodmartinez
a1f78cbae1 replace vault with secrets pkg 2022-01-14 12:59:59 -03:00
rodmartinez
9b4e9a919d replace vault with secrets in fake package 2022-01-14 12:59:59 -03:00
rodmartinez
c8c67258c2 Replace OCI vault with secrets package 2022-01-14 12:59:59 -03:00
Sebastian Gomez
6f8a4c4a35 Removed duplicated code 2022-01-13 12:43:42 -05:00
Lennart Weller
015b35add2 Linter wasn't happy. Again 2022-01-13 18:40:23 +01:00
Sebastian Gomez
8784bfc5ba Fixed lint issues 2022-01-13 12:13:33 -05:00
Sebastian Gomez
119d4b809b Merge branch 'main' into akv-table-tests 2022-01-13 10:45:48 -05:00
Sebastian Gomez
d75fcb9269 Fixed some lint issues 2022-01-12 15:29:57 -05:00
Sebastian Gomez
385caa156f Table driven test with anonymous functions implemented. 
The NewClient tests were kept as they were.
 2022-01-12 14:33:38 -05:00
paul-the-alien[bot]
44d4cf061b
Merge pull request #559 from willemm/feat/generic_webhook 
Add generic webhook provider
 2022-01-11 15:50:05 +00:00
Willem Monsuwe
00558e1dd5 Moved http client initialization to NewClient 2022-01-11 11:09:12 +01:00
Willem M
7160cab0b8
Use MethodGet field instead of hardcoded string literal 
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
 2022-01-11 00:02:32 +01:00
Lennart Weller
23c859eaf9 Pull changes from linter 2022-01-10 10:12:17 +01:00
Lennart Weller
0d06247163 Made SecretStore path for Vault optional 
* Backwards compatible change
  * Added tests to check for a range of possible combinations for paths
 2022-01-10 10:12:17 +01:00
Brent Spector
26f9be4fb1 add path to jwt vault auth 2022-01-05 15:22:00 -08:00
Brent Spector
561bd3ae56 Add support for mount path in ldap auth 2022-01-05 14:54:50 -08:00
Willem Monsuwe
aed3d30736 Apparently I was a bit overzealous in removing nil checks 2021-12-30 10:45:36 +01:00
Willem Monsuwe
fe043ed8ed TIL you can range over nil slices in go 2021-12-30 09:02:29 +01:00
Willem Monsuwe
f971d4b9b3 Try to address some complexity code smells 2021-12-29 17:18:52 +01:00
Willem Monsuwe
d04508e974 Added generic webhook provider 
This provider allows a secretstore with a generic url (templated)
which will be called with a defined method, headers (templated)
and optional body (also templated)
The response can be parsed out with a jsonPath expression
 2021-12-29 10:53:29 +01:00
Lucas Severo Alves
fc4eedfd63
Merge pull request #427 from jack-evans/concurrency 
add concurrent flag to allow more reconciles at the same time
 2021-12-27 11:10:45 +01:00
Moritz Johner
b9f2910182 fix: supported nested json with dataFrom 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2021-12-22 21:11:39 +01:00
Jack Evans
d77f543c98
add concurrent flag to allow more reconciles at the same time 2021-12-17 15:36:51 +00:00
Moritz Johner
80fac0f697 feat: add gcp workload identity via SA 
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
 2021-12-17 12:20:12 +01:00
paul-the-alien[bot]
78d046b712
Merge pull request #530 from ADustyOldMuffin/add-docs-and-fix-ca-vault 
Add documentation for CAProvider namespace and fix issue with SecretStore
 2021-12-16 19:44:24 +00:00
Vladimir Fedin
c351efcc15
Add ability provide CA for Yandex' Lockbox provider (#487) 
* Add ability provide CA for Yandex' Lockbox provider

* Add tests for getting CA from secrets at Lockbox provider

* fixup! Add tests for getting CA from secrets at Lockbox provider

Co-authored-by: Vladimir Fedin <vladimirfedin@yandex-team.ru>
 2021-12-16 20:16:23 +01:00
Andrew Leap
60fd67aeec Add testcase 2021-12-16 15:14:27 +00:00
Andrew Leap
f1fad4576c Support common idiom for GCP SM 
Common idiom for GCP SM is like:
{
    "name": {
        "client_id": "<client_id>",
        "client_secret": "<client_secret>",
    }
}

Using DataFrom, the current GCP SM will fail to unmarshal cause it's expecting
{
    "name": "{\"client_id\": \"<client_id>\", \"client_secret\": \"<client_secret>\"}",
}
which is much more annoying to work with.  By tweaking the implementation to
try to decode to a string, but if that fails, use the raw []byte of the value
we get the best of both worlds.
 2021-12-15 18:47:43 +00:00
Daniel Hix
d53b3df7f8 Remove namespace requirement for secret store and require for cluster secret store 2021-12-13 17:07:32 -06:00
Daniel Hix
e8791280a9 Some quick lint fixes. 2021-12-13 14:27:15 -06:00
Daniel Hix
d0a46060cc Add test to check for invalid duration input. 2021-12-13 14:14:37 -06:00
Daniel Hix
082cee230f Merge branch 'main' into ibm-enable-retries 2021-12-13 13:27:57 -06:00
Laszlo Varadi
a976e32831 Supporting Managed Identity authentication for Azure Keyvault 2021-12-06 10:26:34 +01:00
Moritz Johner
12a25fca8b fix: IsNil fails on struct value 2021-11-26 09:59:10 +01:00
Martin Montes
394c4257f1
Checking nil value when parsing secret values. Added tests 2021-11-19 11:15:07 +01:00
Martin Montes
d09beae10b
fix: checking nil values when reading secret in vault provider 2021-11-18 19:23:17 +01:00
renanaAkeyless
ecef240319
Merge branch 'external-secrets:main' into main 2021-11-09 20:43:31 +02:00
renanaAkeyless
7ae9c40668 Update akeyless.go 2021-11-09 20:35:01 +02:00
renanaAkeyless
0348bbb59d lint 2021-11-08 13:27:12 +02:00
renanaAkeyless
4a5877d926 Adde Akeyless 2021-11-07 16:18:40 +02:00
paul-the-alien[bot]
0fb03e4650
Merge pull request #450 from external-secrets/feature/log-on-success 
Added log for first secret reconciliation after errors
 2021-11-02 23:34:57 +00:00
Lucas Severo Alves
54c1a3d9d8
Merge pull request #460 from jmhobbs/golangci-lint-update 
golangci-lint install and version update
 2021-11-02 20:05:20 -03:00
paul-the-alien[bot]
cc79b7b615
Merge pull request #422 from FGA-GCES/eduardo/code_smells 
Fixing some codeSmells
 2021-11-02 23:04:05 +00:00
Eduardo Vieira
1742b9c9fc Adjsuting lint 2021-11-02 18:30:39 -03:00
Gustavo Carvalho
03afd1099c Adding inline comments explaining log functionality 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2021-11-01 17:53:59 -03:00
andreabenf
a0385ef7f2 Changing variables names 2021-10-28 14:11:14 -03:00
andreabenf
460de06636 adjusting code smells 2021-10-28 14:09:19 -03:00
John Hobbs
33cee58948 Replace deprecated golangci-lint checkers. 2021-10-27 17:01:15 -05:00
paul-the-alien[bot]
91140d0d83
Merge pull request #445 from external-secrets/fix/aws-provider-panic 
Fixing panic due to no Namespace on ServiceAccountRef
 2021-10-27 12:48:31 +00:00
Gustavo Fernandes de Carvalho
b8ba78d1b1 Added log for first secret reconciliation after errors 
Fixes #444

Signed-off-by: Gustavo Fernandes de Carvalho <gustavo.carvalho@container-solutions.com>
 2021-10-25 16:29:22 -03:00
paul-the-alien[bot]
6279801382
Merge pull request #437 from external-secrets/fix/codesmells 
Fixed Sonarqube yandex codesmell
 2021-10-25 17:31:33 +00:00
Gustavo Carvalho
403b1a34a0 Fixing lint 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2021-10-22 14:45:21 -03:00
Gustavo Carvalho
389f7e45de Reducing duplications and fixing code smells 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2021-10-22 14:39:37 -03:00
Gustavo Carvalho
d022cc31ab Fixing panic due to no Namespace on ServiceAccountRef 
Fixes #419

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
 2021-10-22 14:22:40 -03:00
Eduardo Lima
ff90d4eb44
Removing "map" from test const name 2021-10-21 14:46:47 -03:00
Daniel Hix
3b743a39b8 Enable retries on the IBM provider 2021-10-20 18:50:21 -05:00
Arthur
dc8398b6c1 merge main into refactor/cognitifeComplexity 2021-10-20 19:15:29 -03:00