1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Commit graph

2134 commits

Author SHA1 Message Date
bvdboom
13f26e6e24
📖 fix typo (#2042)
Signed-off-by: bvdboom <bvdboom@users.noreply.github.com>
Co-authored-by: Bernard <bv.local>
2023-02-23 14:08:39 +01:00
bvdboom
0ed699537a
Update azure-key-vault.md (#2039)
Removing redundant pipe

Signed-off-by: bvdboom <bvdboom@users.noreply.github.com>
2023-02-22 17:13:13 +01:00
Ehud Yonasi
6ecd826a32
Fix for the PushSecret example docs (#2034)
Co-authored-by: eyonasi <eyonasi@habana.ai>
2023-02-21 19:17:22 +01:00
Sebastián Gómez
1cfca77b9b
Add MetadataPolicy=Fetch for AWS Secret Manager (#2025)
* Get all the properties

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

* Add secrets to the cache

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

* First set of tests

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

* Last set of tests added

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

* Fixed lint issues

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

* Improved Tags to string mechanism

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

* Fix lint complain

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

---------

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
2023-02-21 18:55:03 +01:00
dependabot[bot]
f1f6bf1931
chore(deps): bump golang from 1.20.0-alpine to 1.20.1-alpine (#2026)
Bumps golang from 1.20.0-alpine to 1.20.1-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-20 11:06:07 +01:00
Moritz Johner
409f18b964
🧹 bump deps (#2032)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-02-20 11:03:07 +01:00
Charles Wimmer
6a5d3482dc
Add PushSecret CRD to kustomization.yaml (#2021)
Signed-off-by: Charles Wimmer <charles@wimmer.net>
2023-02-17 19:31:19 +01:00
Matheus Tosta
39c8a49bfb
fix typo in the full-pushsecret.yaml (#2019)
* fix typo in the full-pushsecret.yaml

* change the array reference of the remoteKey from the full-pushsecret.yaml to a map reference
2023-02-17 19:29:59 +01:00
Moritz Johner
2acc637106
fix: pass tenantID correctly to acr generator (#2010)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-02-14 21:57:31 +00:00
Moritz Johner
d2e1aa7156
feat: add pr template (#2011)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-02-14 21:57:06 +00:00
Moritz Johner
151d83e807
chore: bump dependencies (#2012)
* chore: bump dependencies

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: disable flow logs in EKS testbed

This causes issues in the way we set up the trust relationship between
GHA and AWS; We see a HTTP 400 when tf tries to assume this role.
Because
we don't need this we can disable it.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-02-14 17:42:44 +00:00
Moritz Johner
1e04177045
fix: fix validation method in kubernetes provider (#2000)
RBAC allows a user to define a wildcard `*` for a given field in the
Resource Rule. Prefix/Suffix matching or globbing is not supported,
just simple wildcards.
For example the cluster-admin role has a `*` on all
apiVersion/resource/verbs and hence validation would fail.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-02-13 09:33:38 +00:00
Sebastián Gómez
fe3c78d2af
Fixed broken link (#1992) 2023-02-07 11:35:25 -03:00
Moritz Johner
731da81162
🧹 bump dependencies & regenerate CRDs (#1990)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-02-07 14:08:01 +01:00
Moritz Johner
e72f371294
🐛 fix panic when using jwt without secretRef/saRef (#1980)
Fixes #1957

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-02-03 18:10:56 +00:00
Pedro Parra Ortega
c2054cc1bf
add-keeper-security-provider (#1768)
* add keepersecurity provider

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* 🧹chore: bumps (#1758)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* Feature/push secret (#1315)

Introduces Push Secret feature with implementations for the following providers:

* GCP Secret Manager
* AWS Secrets Manager
* AWS Parameter Store
* Hashicorp Vault KV

Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* Fixing release pipeline for boringssl (#1763)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* chore: bump 0.7.0-rc1 (#1765)

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* added documentation

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* added pushSecret first iteration

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* added pushSecret and updated documentation

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* refactor client

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* update code and unit tests

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* fix code smells

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* fix code smells

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* fix custom fields

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>

* making it reviewable

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fix custom field on secret map

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* Update docs/snippets/keepersecurity-push-secret.yaml

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fixed edge case, improved validation errors and updated docs

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fix logic retrieving secrets

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* Update pkg/provider/keepersecurity/client.go

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* lint code

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* linting code

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* go linter fixed

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* fix crds and documentation

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

---------

Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com>
Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com>
Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com>
Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com>
Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com>
Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: Pedro Parra Ortega <pedro.parraortega@enreach.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
2023-02-03 15:27:21 +01:00
Marcel Hoyer
ea6cbe2cb4
add ability to configure revisionHistoryLimit in helm chart (#1979)
* feat: add ability to configure `revisionHistoryLimit` for all Deployment resources of the helm chart

This enables to turn ReplicaSet revisions off completely, e.g. when deploying ExternalSecrets with GitOps approach.

Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>

* fix: generate helm docs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
2023-02-03 15:06:00 +01:00
Mikhail Advani
1aef142c63
enhance ServiceMonitor configuration (#1973)
* Fix #1971

Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>

* PR feedback

Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>

* fix: generate helm docs

---------

Signed-off-by: mikhailadvani <mikhail.advani@gmail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
2023-02-03 14:45:50 +01:00
Moritz Johner
6da8b96d4d
🐛 remove ability to call env and expandenv in webhook (#1977)
This allows an attacker to exfiltrate environment variables.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-02-03 13:23:03 +01:00
Evert Ramos
fa3acc5fa4
Update full-cluster-secret-store.yaml (#1953)
Add Oracle provider

Signed-off-by: Evert Ramos <evert.ramos@gmail.com>
2023-02-02 00:55:47 +01:00
Moritz Johner
e0a9986ea0
feat: bump packages (#1976)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-02-01 23:53:27 +00:00
Gustavo Fernandes de Carvalho
a1f8a8adc7
🐛 Fixing PushSecret CRD generation (#1967)
* Fixing PushSecret CRD generation

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* fix: increase hashicorp vault cache size to prevent eviction

Also remove tiny cache size from e2e tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-02-02 00:30:10 +01:00
Moritz Johner
322f61dbaa
🐛 no need to use cgo (#1935)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-01-24 17:00:17 +00:00
Tobias Germer
bde9f94be3
Fix wrong IAM permissions in docs for the AWS Parameter Store (#1949)
Signed-off-by: Tobias Germer <tobias.germer@tui.com>
2023-01-24 15:40:10 +01:00
Thibault Cohen
ff88395c09
Add jsonpath filter support to webhook (#1940)
* Add jsonpath filter support to webhook

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Fix tests

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>
2023-01-24 15:30:20 +01:00
Thibault Cohen
6862c9c637
Support template for webhook jsonpath (#1939)
* Support template for webhook jsonpath

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>
2023-01-23 19:43:50 +01:00
Gareth Evans
ac9993f151
📚 use more inclusive language (#1927)
Signed-off-by: Gareth Evans <gareth@bryncynfelin.co.uk>
2023-01-19 13:31:51 -03:00
Moritz Johner
5ef3b23a68
feat: make cache generic, refactor feature flags (#1640)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-01-19 17:25:47 +01:00
Gustavo Fernandes de Carvalho
769efdc391
Feature/deletion policies (#1914)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-01-19 06:37:19 -03:00
Denis Policastro
709db58d5b
Update aws-parameter-store.md (#1931)
Signed-off-by: Denis Policastro <denis.policastro@gmail.com>

Signed-off-by: Denis Policastro <denis.policastro@gmail.com>
2023-01-18 21:08:23 +01:00
Gustavo Fernandes de Carvalho
f2cdf383b8
🐛 fixing image rebuild pipeline (#1934)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-01-18 07:04:12 -03:00
a27kash
5ab02775ca
Set GOOS and GOARCH from TARGETPLATFORM (#1915)
Removed hardcoded, single platform values for GOOS and GOARCH.
Set GOOS and GOARCH from TARGETPLATFORM to build multi-platform images.
Ref: https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
Ref: https://docs.docker.com/build/building/multi-platform/
Build a multi-platform image `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .`

Signed-off-by: a27kash <a27kash@gmail.com>

Signed-off-by: a27kash <a27kash@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
2023-01-17 21:16:00 +01:00
Lucas Severo Alves
47ea26f6df
Update README.md (#1930)
Signed-off-by: Lucas Severo Alves <lucassalves65@gmail.com>

Signed-off-by: Lucas Severo Alves <lucassalves65@gmail.com>
2023-01-17 18:27:09 +01:00
Gustavo Fernandes de Carvalho
19f297e08d
🧹 bump: 0.7.2 (#1926)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-01-16 09:02:55 -03:00
Gustavo Fernandes de Carvalho
b36e027ad7
🧹 chore: bumps (#1925)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-01-16 08:35:34 -03:00
Gustavo Fernandes de Carvalho
a7d6224bda
🧹 chore: bumps (#1923)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-01-16 07:07:03 -03:00
Gustavo Fernandes de Carvalho
a2518e4997
🧹 chore: bumps (#1913)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-01-14 12:48:56 -03:00
Moritz Johner
736b287b6d
implement azure referent auth (#1886)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-01-13 18:30:34 +00:00
Emin Alemdar
201e56f2b9
Added my new blog post (#1909)
I've added my new blog post about Push Secret feature.

Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>

Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>
2023-01-13 17:30:44 +01:00
Gustavo Fernandes de Carvalho
833658699d
Adds Keyvault PushSecret (#1883)
* Adds Keyvault PushSecret

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-01-13 07:13:37 -03:00
Moritz Johner
5384954f46
aws secretsmanager/parameterstore referent auth (#1884)
* feat: implement referentAuth for aws

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: e2e tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Update pkg/provider/aws/provider.go

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* Update pkg/provider/aws/provider.go

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* feat: allow each credential to be referent

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2023-01-13 10:19:25 +01:00
Hiroshi Muraoka
f4e70ddfed
🐛 GCP: prevent goroutine leak on workload identity reconciliation (#1902)
Signed-off-by: Hiroshi Muraoka <h.muraoka714@gmail.com>
2023-01-12 09:27:01 -03:00
Moritz Johner
922c7e8ece
fix: explicitly use new kubectl gcp auth (#1904)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-01-12 10:57:47 +01:00
Ahsan Gondal
7afa741246
Update 1password-automation.md (#1895)
updating docs to reflect the correct command and template format as per
https://developer.1password.com/docs/cli/create-item

Signed-off-by: Ahsan Gondal <ahsangondal15@gmail.com>

Signed-off-by: Ahsan Gondal <ahsangondal15@gmail.com>
2023-01-10 18:02:27 +01:00
Moritz Johner
11c61d8581
feat: referent auth for gcp (#1887)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-01-10 14:40:42 +01:00
Gustavo Fernandes de Carvalho
6677c1e52d
🧹 chore: bumps (#1896)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-01-09 16:07:21 -03:00
cDR (Taco)
54f8d47ba8
fix: typo (#1894)
Signed-off-by: cDR (Taco) <me@codar.nl>

Signed-off-by: cDR (Taco) <me@codar.nl>
2023-01-09 12:37:47 +01:00
cspargo
fdc21faf61
AWS Role Chaining (#1855)
Signed-off-by: cspargo <colinspargo@gmail.com>
2023-01-08 11:49:22 -03:00
Gustavo Fernandes de Carvalho
0d08e0497e
Implements Deletion policy for Hashicorp vault. (#1879)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-01-06 13:40:42 -03:00
Gustavo Fernandes de Carvalho
a051da82cf
🐛 Fixes vault PushSecret logic (#1866)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-01-06 13:17:18 -03:00