external-secrets

mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

Author	SHA1	Message	Date
Moritz Johner	6da8b96d4d	🐛 remove ability to call env and expandenv in webhook (#1977 ) This allows an attacker to exfiltrate environment variables. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-02-03 13:23:03 +01:00
Gustavo Fernandes de Carvalho	a1f8a8adc7	🐛 Fixing PushSecret CRD generation (#1967 ) * Fixing PushSecret CRD generation Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> * fix: increase hashicorp vault cache size to prevent eviction Also remove tiny cache size from e2e tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2023-02-02 00:30:10 +01:00
Thibault Cohen	ff88395c09	Add jsonpath filter support to webhook (#1940 ) * Add jsonpath filter support to webhook Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> * Fix tests Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>	2023-01-24 15:30:20 +01:00
Thibault Cohen	6862c9c637	✨ Support template for webhook jsonpath (#1939 ) * Support template for webhook jsonpath Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>	2023-01-23 19:43:50 +01:00
Gareth Evans	ac9993f151	📚 use more inclusive language (#1927 ) Signed-off-by: Gareth Evans <gareth@bryncynfelin.co.uk>	2023-01-19 13:31:51 -03:00
Moritz Johner	5ef3b23a68	feat: make cache generic, refactor feature flags (#1640 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-01-19 17:25:47 +01:00
Gustavo Fernandes de Carvalho	769efdc391	✨ Feature/deletion policies (#1914 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-19 06:37:19 -03:00
Moritz Johner	736b287b6d	✨ implement azure referent auth (#1886 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-01-13 18:30:34 +00:00
Gustavo Fernandes de Carvalho	833658699d	✨ Adds Keyvault PushSecret (#1883 ) * Adds Keyvault PushSecret Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-13 07:13:37 -03:00
Moritz Johner	5384954f46	aws secretsmanager/parameterstore referent auth (#1884 ) * feat: implement referentAuth for aws Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: e2e tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * Update pkg/provider/aws/provider.go Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * Update pkg/provider/aws/provider.go Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * feat: allow each credential to be referent Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2023-01-13 10:19:25 +01:00
Hiroshi Muraoka	f4e70ddfed	🐛 GCP: prevent goroutine leak on workload identity reconciliation (#1902 ) Signed-off-by: Hiroshi Muraoka <h.muraoka714@gmail.com>	2023-01-12 09:27:01 -03:00
Moritz Johner	11c61d8581	feat: referent auth for gcp (#1887 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-01-10 14:40:42 +01:00
cspargo	fdc21faf61	✨ AWS Role Chaining (#1855 ) Signed-off-by: cspargo <colinspargo@gmail.com>	2023-01-08 11:49:22 -03:00
Gustavo Fernandes de Carvalho	0d08e0497e	✨ Implements Deletion policy for Hashicorp vault. (#1879 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-06 13:40:42 -03:00
Gustavo Fernandes de Carvalho	a051da82cf	🐛 Fixes vault PushSecret logic (#1866 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-06 13:17:18 -03:00
Dominik Zeiger	6c7e5cecce	🐛 gitlab: Fallback to wildcard variables and use pagination (bugfix) (#1838 ) * gitlab: fallback to wildcard variables when using "GetAllSecrets" Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2023-01-04 17:58:55 +01:00
Gustavo Fernandes de Carvalho	0bd9ea4dbd	✨ Templates from string (#1748 ) * Adds templates from string Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-03 19:02:43 -03:00
Gustavo Fernandes de Carvalho	ed173dcf77	chore: bumps (#1852 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-03 22:11:59 +01:00
Gustavo Fernandes de Carvalho	2f5fe6c594	🧹chore: bumps (#1792 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2022-12-07 14:40:51 -03:00
Moritz Johner	0bdb51a568	fix sync calls metrics & defer patch status (#1770 ) * fix: increment sync_calls_total metric once per reconciliation Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: patch status only if not skipped Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: unit tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-12-04 11:41:01 +01:00
Dominik Zeiger	8a0f711e96	gitlab: allow fallback to wildcard variable, when no environment specific value is defined (#1772 ) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-12-03 09:35:06 +01:00
Gustavo Fernandes de Carvalho	0cb799b5cf	✨Feature/push secret (#1315 ) Introduces Push Secret feature with implementations for the following providers: * GCP Secret Manager * AWS Secrets Manager * AWS Parameter Store * Hashicorp Vault KV Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com> Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com> Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com> Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com> Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com> Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>	2022-11-29 16:04:46 -03:00
Dominik Zeiger	117e93b4ed	gitlab: small documentation updates (#1747 ) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-11-24 20:50:35 +01:00
Steven Bressey	b5be79de98	Feature: Add secret metadata templating from secret values (#1740 ) * handle template data for secret labels & annotations Signed-off-by: Steven Bressey <steven.bressey@artifakt.io>	2022-11-23 22:29:59 +01:00
Dominik Zeiger	b7100e27a0	gitlab: support "environment_scope" tag for findAll (#1732 ) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>	2022-11-23 22:22:35 +01:00
Dominik Zeiger	f38f40a2b4	gitlab: support for CI/CD group variables (#1692 ) * gitlab: support for ci/cd group variables Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * gitlab: support for ci/cd group variables (automatically discover project groups) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * gitlab: support for ci/cd group variables (documentation) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-11-21 22:26:34 +01:00
Gustavo Fernandes de Carvalho	bd4495814b	🧹Bumping versions (#1708 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2022-11-09 17:44:07 -03:00
Dominik Zeiger	6ec0d2cd95	✨gitlab: getAllSecrets (#1681 ) * gitlab: getAllSecrets Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * Update pkg/provider/gitlab/gitlab.go Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Dominik Zeiger <domizei385@users.noreply.github.com> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * gitlab: added some test coverage Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <domizei385@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2022-11-01 15:09:36 -03:00
Gustavo Fernandes de Carvalho	d1fa28532d	🧹 chore: bumping versions (#1688 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2022-10-31 06:54:52 -03:00
Moritz Johner	dabfa5a589	Feature: initial generator implementation + Github Actions OIDC/AWS (#1539 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2022-10-29 20:15:50 +02:00
Moritz Johner	411f03ffe1	fix: allow controller to `delete` delete externalsecrets (#1670 ) When using ClusterExternalSecret the controller needs to delete external-secret resources Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-10-26 23:23:15 +02:00
Gustavo Fernandes de Carvalho	d5cc8b3de5	🐛 Implements new buildPath logic (#1636 ) Signed-off-by: Gustavo <gusfcarvalho@gmail.com>	2022-10-26 15:19:25 -03:00
Martin Schimandl	6ca30a762a	Implement oracle validator (#1592 ) * Implement oracle validator Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com> * Add more granular OCI error handling Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com> * Remove two newlines the linter does not like Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com> Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com>	2022-10-25 23:32:40 +02:00
Yannay Hammer	14f5ddf198	Added namespace condition to ClusterSecretStore (#1635 ) * Added namespace condition to ClusterSecretStore Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added the new conditions field to the docs Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added tests to ClusterSecretStore namespace conditions Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added some comments to explain tests better Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Fixed a testcase Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Increased golangci timeout to 10m Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Fixed test to use fakeProvider correctly Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Removed hardcoded timeout from make lint Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Improved error message on non matching namespace Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Modified testCase to use GenericStore interface Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Attempt at generalizing the testcase and reducing code duplication Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Reduced some diff Signed-off-by: Yannay Hammer <yannayha@gmail.com> * fix: tidy e2e mod Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Yannay Hammer <yannayha@gmail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Docs <docs@external-secrets.io> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-10-17 16:40:18 +02:00
dependabot[bot]	27d0cd72f5	chore(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0 (#1547 ) * chore(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.12.3 to 0.13.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.12.3...v0.13.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix: remove dependency on crossplane-runtime/pkg/test Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-10-13 20:24:56 +02:00
Eng Zer Jun	0c9efa67b0	test: use `T.Setenv` to set env vars in tests (#1611 ) This commit replaces `os.Setenv` with `t.Setenv` in tests. The environment variable is automatically restored to its original value when the test and all its subtests complete. Reference: https://pkg.go.dev/testing#T.Setenv Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2022-10-06 22:05:42 +02:00
Nic Eggert	773956f5d3	Add optional caching for Vault clients, including token re-use. (#1537 ) The new functionality is controlled using the newly-introduced --experimental-enable-vault-token-cache and --experimental-vault-token-cache-size command-line flags. Signed-off-by: NicEggert <nicholas.eggert@target.com>	2022-09-30 20:41:36 +02:00
Dominik Zeiger	fa38fe1e60	enable configuration of environment_scope for gitlab provider (#1565 ) * enable configuration of environment_scope for gitlab provider Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-09-27 22:08:38 +02:00
Ryan Blunden	f01e13f21b	Add Doppler provider (#1573 ) * Add Doppler provider Signed-off-by: Ryan Blunden <ryan.blunden@doppler.com>	2022-09-23 22:47:25 +02:00
Sebastián Gómez	cef547e473	fix: unmarshal JSON error when empty secrets in Vault (#1512 ) Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>	2022-09-14 22:26:10 +02:00
Rhaenys	7397243ca0	New Duration Metric (#1533 ) Signed-off-by: Cristina DE DIOS GONZALEZ <cristina.dedios@amadeus.com>	2022-09-12 19:19:45 +02:00
Moritz Johner	af367e9933	chore: refactor provider (#1529 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-09-12 14:55:46 +02:00
renanaAkeyless	ed59520674	added akeyless k8s auth option (#1531 ) * added akeyless k8s auth option Signed-off-by: Docs <renana@akeyless.io>	2022-09-11 13:25:29 +02:00
Moritz Johner	ed0ceb8d84	fix: aws parameter store json decode, bump go 1.19 (#1525 ) * fix: parameter store should decode complex json values Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-09-06 19:46:36 +02:00
Marcel Hoyer	17ece4df8f	flip order of `err` and nil `secret` variable check in `listSecrets()` function of vault provider (#1504 ) Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>	2022-08-31 14:35:42 +02:00
dependabot[bot]	67fedc840e	✨ Kubernetes v1.24 upgrade (#1345 ) * build(deps): bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.3 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.11.2 to 0.12.3. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.12.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * feat: bump kubernetes 1.24 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: backwards-compatible vault implementation Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: add audiences field to serviceAccountRef This will be used by aws, azure, gcp, kubernetes & vault providers in combination with TokenRequest API: it will _append_ audience claims to provider-specific audiences. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: refactor kubernetes client to match provider/client interfaces the kubernetes provider mixed up provider and client interfaces which made it really hard to reason about. This commit separates into two structs, each implements one interface. The client struct fields have been renamed and annotated so their use and scope is clear. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: deprecate expirationSeconds expirationSeconds is not needed because we generate a service account token on the fly for a single use. There will be no replacement for this. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: rename token fetch audiences field Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: generate CRDs Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-19 17:32:06 +02:00
Moritz Johner	2d20b5488e	feat: add azkv.environmentType (#1469 ) users of USGovCloud, ChinaCloud, GermanCloud need slightly different configuration for AADEndpoint and keyvault resource. This is based on CSI Secret Store Azure KV driver, Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-18 00:12:44 +02:00
Moritz Johner	8e245f6073	fix: remove convertKeys from aws providers (#1470 ) ConvertKeys is called in the external secrets controller which takes care of mapping the keys. Calling it before returning the data is a bug as it interferes with the new rewrite feature. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-17 15:36:02 +02:00
stephen-dexda	e64acea549	fix: AWS attr. dot check off-by-one error (#1459 ) * Fix off-by-one in check for dot in JSON attr. name Signed-off-by: stephen-dexda <stephen@dexda.io>	2022-08-15 21:44:32 +02:00
dependabot[bot]	bf21843eba	⬆️github.com/akeylesslabs/akeyless-go/v2 from 2.16.8 to 2.17.0 (#1438 ) * Bump github.com/akeylesslabs/akeyless-go/v2 from 2.16.8 to 2.17.0 Bumps [github.com/akeylesslabs/akeyless-go/v2](https://github.com/akeylesslabs/akeyless-go) from 2.16.8 to 2.17.0. - [Release notes](https://github.com/akeylesslabs/akeyless-go/releases) - [Changelog](https://github.com/akeylesslabs/akeyless-go/blob/master/docs/KmipRenewServerCertificate.md) - [Commits](https://github.com/akeylesslabs/akeyless-go/compare/v2.16.8...v2.17.0) --- updated-dependencies: - dependency-name: github.com/akeylesslabs/akeyless-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Fixing linting issues Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2022-08-11 14:32:04 -03:00
Kewei Ma	53443eaadf	Fix provisionedNamespaces in Status field of ClusterExternalSecret keeps getting updated non-stop (#1441 ) Signed-off-by: Kewei Ma <kewei@indeed.com>	2022-08-09 17:55:34 +02:00
Gustavo Fernandes de Carvalho	b4e7acfaa9	✨Implements dataFrom key rewrite (#1381 ) * Implements dataFrom key rewrite Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> * docs: add example to remove invalid characters Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-04 15:24:02 -03:00
Moritz Johner	6593e06561	fix: handle empty conversionStrategy (#1408 ) This is for the case when the conversion webhook does not set the conversionStrategy properly (it doesn't run the Defaulter). Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-01 19:44:09 +02:00
Mike	fdf1f9ce6f	feat: Add support for container auth to IBM provider. (#1177 )	2022-07-26 22:48:07 +02:00
david amick	524e33bbeb	🧹Improve 1Password integration and docs (#1340 )	2022-07-26 09:07:48 -03:00
Stanislaw Scherban	eb8e614755	retryer implementation to handle throttling exceptions on AWS (#1331 ) * awsretryer implemented for AWS providers	2022-07-19 20:00:46 +02:00
Gustavo Fernandes de Carvalho	fa91ba0f6c	✨ Adds DecodingStrategy to ExternalSecrets (#1294 ) Fixes #920 Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-07-12 09:18:00 -03:00
paul-the-alien[bot]	c42c48911e	Merge pull request #1283 from external-secrets/mj-fix-aws-token-aud fix: respect aud annotation at IRSA	2022-06-22 14:17:48 +00:00
paul-the-alien[bot]	240b8db4f0	Merge pull request #1244 from albertollamaso/reuse-aws-session Once the AWS session is created first time, it can be reused	2022-06-22 13:20:37 +00:00
Alberto Llamas	e31a408e1d	update	2022-06-22 07:24:26 +02:00
Moritz Johner	8f85e53f17	fix: respect aud annotation at IRSA	2022-06-21 23:33:24 +02:00
Alberto Llamas	629d2f391c	fix	2022-06-21 12:14:36 +02:00
Alberto Llamas	5ec222dfd0	update	2022-06-21 11:52:01 +02:00
Alberto Llamas	c3335907ac	Fix recommendations from go-lint	2022-06-18 13:05:47 +02:00
Alberto Llamas	ad63b74c9f	Reuse AWS session as feature gate that a user has to opt-in in order to use it	2022-06-18 10:54:47 +02:00
paul-the-alien[bot]	94024a144b	Merge pull request #1257 from external-secrets/bug-1137 Azure KeyVault decoding bugs	2022-06-15 21:20:44 +00:00
Moritz Johner	cff9be1664	feat(kubernetes): allow service account auth (#1201 ) * feat(kubernetes): allow service account auth Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-06-13 21:49:05 +02:00
Alberto Llamas	909d137a83	Removing newlines	2022-06-13 20:36:58 +02:00
Alberto Llamas	cb6f66b5ac	Fix aws session logic	2022-06-13 20:24:25 +02:00
Sebastián Gómez	9bc7eb1436	Remove codesmell	2022-06-13 11:56:38 -04:00
Sebastián Gómez	4ae98fc995	Removed code smell and simplified use of tags	2022-06-13 11:40:01 -04:00
Sebastián Gómez	65e93fa992	Code refactoring	2022-06-13 09:28:11 -04:00
Sebastián Gómez	aed1719697	Lint fixes	2022-06-13 09:27:54 -04:00
paul-the-alien[bot]	e4fbc633a1	Merge pull request #1254 from marcincuber/feat/yaml Adding toYaml fromYaml helper functions	2022-06-11 12:19:50 +00:00
marcincuber	c8f13a0e1a	fix test	2022-06-11 12:15:13 +01:00
marcincuber	a1e7862698	add tests	2022-06-11 11:15:06 +01:00
Sebastián Gómez	7714c29c87	Merge branch 'main' into bug-1137	2022-06-10 17:09:03 -04:00
Sebastián Gómez	b4dcffbf86	Fix cases with properties and json	2022-06-10 17:07:42 -04:00
Rhaenys	f005cc0346	azkv more unittest coverage (#1149 )	2022-06-10 22:09:59 +02:00
marcincuber	5fe3b2d810	lint	2022-06-10 11:09:46 +01:00
marcincuber	efc8ede754	add yaml helper functions	2022-06-10 11:04:59 +01:00
Alberto Llamas	d64941ece9	Once the AWS session is created first time, it can be reused	2022-06-07 10:25:30 +02:00
paul-the-alien[bot]	94aa568929	Merge pull request #1173 from external-secrets/dependabot/go_modules/github.com/1Password/connect-sdk-go-1.4.0 build(deps): bump github.com/1Password/connect-sdk-go from 1.2.0 to 1.4.0	2022-06-07 08:19:24 +00:00
Docs	cc1043d3a6	Update fakes to implement client for 1Password/connect-sdk-go v1.4.0	2022-06-01 16:38:41 -07:00
Gustavo Carvalho	e6f050e873	make sure we check if it is referent during NewClient Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-06-01 13:15:36 -03:00
Gustavo Carvalho	a01a23bfc1	fixing panic if using JWT with KubernetesServiceAccountToken Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-05-31 11:40:00 -03:00
Sebastián Gómez	c5909fb966	Fix the first case, nested json. Test was also added	2022-05-30 11:05:20 -04:00
Moritz Johner	8c14f8aff0	fix: loosen validation to enable referent auth. also adding tests for vault. this is the only provider that supports that as of now. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-05-23 20:10:16 +02:00
Moritz Johner	d4e9a56c21	fix: correctly convert matchExpressions to labelSelector (#1165 ) Fixes #1155 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-05-23 10:48:54 +02:00
Nitzan Nissim	97126d9798	Add support for IBM Secrets Manager's Private Certificate (#1160 ) * Use gsed on macos. Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com> * Add private_cert support * Add private_cert support Co-authored-by: Marcin Kubica <marcin.kubica@engineerbetter.com>	2022-05-21 22:53:31 +02:00
paul-the-alien[bot]	1a6579b876	Merge pull request #1062 from dreadful-dragon/feature/azkv-tags-sync azkv tag feature	2022-05-20 15:51:50 +00:00
paul-the-alien[bot]	3de2cc8bee	Merge pull request #1040 from AndreyZamyslov/yandex-certificate-manager Support for Yandex Certificate Manager	2022-05-17 16:48:58 +00:00
Cristina DE DIOS GONZÁLEZ	3256bc4b82	azkv tag feature	2022-05-16 16:49:34 +02:00
paul-the-alien[bot]	49f4bad35d	Merge pull request #1108 from hydeenoble/provider/alibaba Implemented ValidateStore function for Alibaba Provider	2022-05-13 22:21:03 +00:00
Docs	f4f2170502	"GetAllSecrets not implemented" -> "GetAllSecrets not supported"	2022-05-13 13:10:56 +03:00
Matt Demers	b004894b77	Add support for referencing secrets manager secrets by their VersionId	2022-05-11 16:30:30 -04:00
paul-the-alien[bot]	73a467479d	Merge pull request #1006 from Simspace/1Password Add 1Password support	2022-05-09 19:55:56 +00:00
paul-the-alien[bot]	ff7e9f90f3	Merge pull request #1083 from external-secrets/beach-team Implement ValidateStore for Gitlab and Oracle providers	2022-05-09 09:18:47 +00:00
david amick	435aefc7ac	Add 1Password support	2022-05-08 17:01:26 -07:00
Idowu Emehinola	ec7ae4f6df	Implemented ValidateStore function for Alibaba Providergofmt Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-07 14:22:07 +02:00
Idowu Emehinola	65b92cd893	Merge branch 'main' of github.com:external-secrets/external-secrets into provider/alibaba	2022-05-06 18:56:27 +02:00
Idowu Emehinola	28a7299c8b	Implemented ValidateStore function for Alibaba Provider Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-06 18:56:19 +02:00
Gustavo Carvalho	61b7c2a671	fix: fixed failing unit test Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-05-06 13:22:14 -03:00
Marcin Kubica	71a36c471e	Fix: final fixes for both tests. Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com>	2022-05-06 16:59:59 +01:00
Marcin Kubica	97b977f58d	Refactor gitlab test Signed-off-by: William Young <will.young@engineerbetter.com>	2022-05-06 15:01:15 +01:00
Idowu Emehinola	1f40329385	Updated validation for akeyless to catch invalid URLs and emtpy accessID name and keys Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-06 14:45:31 +02:00
Idowu Emehinola	90c7262c65	gofmt-ed files Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-06 13:44:38 +02:00
Idowu Emehinola	022f5aaf6f	Updated validation for akeyless to catch invalid URLs and emtpy accessID name and keys Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-06 13:41:01 +02:00
Idowu Emehinola	3e3120669d	Updated validation for akeyless to catch invalid URLs and emtpy accessID name and keys Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-06 13:27:55 +02:00
Idowu Emehinola	797e8614ed	fix lint issues it PR Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-06 13:22:33 +02:00
Idowu Emehinola	fd3306d7be	Updated validation for akeyless to catch invalid URLs and emtpy accessID name and keys Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-06 13:19:03 +02:00
William Young	8ca73aff47	Feat: Added and refactored accessToken validation Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com>	2022-05-06 12:06:14 +01:00
William Young	5145302f6b	Feat: Added access key test validation	2022-05-06 11:55:27 +01:00
Gustavo Carvalho	3cc5ab1ec5	Merge branch 'validate-store-oracle' into beach-team	2022-05-06 06:52:47 -03:00
Gustavo Carvalho	f813f8634a	Fixed SonarCloud code Smells Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com> Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com> Signed-off-by: William Young <will.young@engineerbetter.com>	2022-05-06 06:49:24 -03:00
Idowu Emehinola	124d7efdf2	Troubleshooting failed CI Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-05 23:36:33 +02:00
Idowu Emehinola	88fe6dd479	Troubleshooting failed CI Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-05 23:25:54 +02:00
Idowu Emehinola	8728f63a36	Troubleshooting failed CI Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-05 23:22:20 +02:00
Idowu Emehinola	564d509a16	make fmt Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-05 23:02:32 +02:00
Idowu Emehinola	e86ffac960	Implemented function for Akeyless provider Signed-off-by: Idowu Emehinola <hydeenoble39@gmail.com>	2022-05-05 22:52:42 +02:00
Marcin Kubica	c65dbf6ce2	Fix: linter	2022-05-05 16:52:23 +01:00
Marcin Kubica	c0a305f04b	Completed tests for Oracle ValidateStore	2022-05-05 16:29:29 +01:00
William Young	b0719d2f54	Tests: Finished refactoring tests to table tests Signed-off-by: Dominic Meddick <dom.meddick@engineerbetter.com>	2022-05-05 14:31:18 +01:00
Gustavo Carvalho	ad76205264	WIP: Implementing Table tests for ValidateStore Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com> Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com> Signed-off-by: William Young <will.young@engineerbetter.com>	2022-05-05 09:01:09 -03:00
Gustavo Carvalho	b3bfd97252	Added Fingerprint validation for Oracle Provider Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com> Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com>	2022-05-05 08:49:35 -03:00
William Young	c395dc15bf	Feat: Added oracle privatekey validation	2022-05-05 12:21:15 +01:00
Marcin Kubica	326c27a730	continue with ValidateStore for Oracle	2022-05-04 17:58:16 +01:00
Marcin Kubica	55c8626e74	start adding ValidateStore for Oracle Signed-off-by: Gustavo Carvalho <gustavo.carvalho@engineerbetter.com>	2022-05-04 16:39:42 +01:00
William Young	10646af425	Minor lint change	2022-05-04 11:33:19 +01:00
William Young	0ec20ce1b1	Merge branch 'gitlab-validation' into beach-team	2022-05-04 11:22:09 +01:00
William Young	8744a24817	Feat: validation for porjectID	2022-05-04 11:13:13 +01:00
William Young	75e1cd14ed	Fix lint	2022-05-03 18:00:17 +01:00
William Young	35610a5a39	Feat: ValidateStore for GitLab provider Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-05-03 17:33:26 +01:00
paul-the-alien[bot]	9838d44bae	Merge pull request #1075 from lfraga/feat/provider-senhasegura-dsm Add senhasegura DevOps Secrets Management (DSM) provider	2022-05-03 12:57:59 +00:00
Jason Hancock	3f9d6b07fc	vault provider: avoid panics if secret not found in vault	2022-05-02 11:01:20 -07:00
Docs	c73206b29c	Add senhasegura DSM provider	2022-05-02 13:28:18 -03:00
Docs	1a0fbbf4cd	add support for Yandex Certificate Manager	2022-04-28 18:45:26 +03:00
auyer	e19408fd84	Adds string replacement usage and test in Template	2022-04-27 16:52:41 -03:00
Romain DARY	d424b6ff70	chore: improve external secret reconciliation sequence Secret client is created only if we are going to refresh this skip an unnecessary check/request in the case we are not going to do anything	2022-04-27 12:34:48 +02:00
Docs	7cfbadae9c	add support for Yandex Certificate Manager (linter errors)	2022-04-22 23:31:40 +03:00
Docs	9c2e1a692b	add support for Yandex Certificate Manager (linter errors)	2022-04-22 22:49:13 +03:00
Docs	b1f3391022	add support for Yandex Certificate Manager (linter errors)	2022-04-22 22:21:43 +03:00
Docs	dc7df48cae	add support for Yandex Certificate Manager	2022-04-22 21:40:52 +03:00
Docs	61c4579ef5	refactor Yandex Lockbox provider	2022-04-22 21:23:40 +03:00
Docs	b8370897f0	Update docs from v1alpha to v1beta1, fix typos	2022-04-18 12:15:39 -07:00
Gustavo Carvalho	6a67f5c435	Checking if condition is not nil before using it. Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-04-18 08:19:47 -03:00
Merlin	4820cc9165	Ignore ExternalSecret processing if the store is not usuable (e.g. NotReady).	2022-04-13 23:24:39 +02:00
paul-the-alien[bot]	84af221762	Merge pull request #959 from external-secrets/chore/refactor-vault Chore/refactor vault	2022-04-13 13:02:14 +00:00
Gustavo Carvalho	4fcf272ce0	Refactoring vault provider. Removing RawRequest in favor of Logical Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-04-13 07:13:25 -03:00
paul-the-alien[bot]	1d70e03b05	Merge pull request #981 from external-secrets/dependabot/go_modules/github.com/aws/aws-sdk-go-1.43.36 build(deps): bump github.com/aws/aws-sdk-go from 1.41.13 to 1.43.36	2022-04-12 05:42:18 +00:00

1 2 3 4 5 ...

685 commits