btfhernandez
77f5d0ad91
feat: add beyondtrust provider ( #3683 )
...
* feat: add beyondtrust provider
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* feat: edit go.mod and go.sum files
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* feat: change test file name (provider_test.go)
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* feat: solve PR comments
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* feat: organize attributes in a higher hierarchy
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: fix sonar cloud issues and go.mod file conflicts
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: fix PR comments and apply table driven tests
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: fix PR comments
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: fix lint issues
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: fix lint issues on tests
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: run make fmt
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: apply camelCase to yaml attributes
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: solve go.mod file conflict
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
* fix: run make check-diff
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
---------
Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
Signed-off-by: btfhernandez <133419363+btfhernandez@users.noreply.github.com>
2024-08-07 09:27:04 +02:00
Victor Santos
7343875bf7
fix: decrypt remote secret for SecureString type ( #3761 )
2024-08-05 17:45:12 +02:00
Ketil
725c0549d1
feat: support pkcs12 with chain in pushsecret to Azure KeyVault ( #3747 )
...
Signed-off-by: Ketil Gjerde <477141+mysteq@users.noreply.github.com>
2024-08-02 10:21:10 +02:00
Gustavo Fernandes de Carvalho
af1ebd8817
feat: webhook secrets must be labeled ( #3753 )
...
BREAKING CHANGE: Webhook secrets now must be labeled for Webhook SecretStore
BREAKING CHANGE: Generator webhook labels changed
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-07-31 13:45:33 -03:00
Gergely Brautigam
d5ca3161d6
feat: do not modify the secret in case of a NotModified ( #3746 )
...
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-07-31 12:29:21 +02:00
Gergely Brautigam
8c709cfa43
feat: add prefix definition to all secret keys for aws parameter store ( #3718 )
...
* feat: add prefix definition to all secret keys for aws parameter store
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added a push secret test to verify called parameter has a prefix
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-07-31 12:29:07 +02:00
Gergely Brautigam
2b51f8a8e1
feat: increase verbosity of error message during validation ( #3742 )
...
* feat: increase verbosity of error message during validation
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* removing Equal as we do not have the specific error message there
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-07-29 15:04:35 +02:00
Roomba
196245c22c
remove redundant parameter grab call, we already have it from the getparamsbypathwctx() ( #3722 )
2024-07-29 07:08:06 +02:00
Engin Diri
4f62fb3963
feat: add PushSecret support for Pulumi ESC ( #3597 )
...
Signed-off-by: Engin Diri <engin.diri@ediri.de>
2024-07-25 09:00:17 +02:00
Gergely Brautigam
c078a88d9b
fix: add namespace to path and route construction ( #3632 )
...
* fix: add namespace to path and route construction
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* fix: use the correct namespace while restoring from auth namespace
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added fix suggestion from Gustavo
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-07-21 16:42:14 -03:00
Alok N
0fcf972a70
fix: aws secretexists returns true ifnotexists ( #3684 )
...
Signed-off-by: Alok N <alokme123@gmail.com>
2024-07-16 07:38:57 +02:00
abhinav1708
bdd0c7ec9a
support for adding headers in vault provider ( #3677 )
...
* support for vault headers
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
* changes in crds bases for headers support
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
* adding autogenerated files
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
* removing extra---
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
* adding headers before x-vault-Inconsistent
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
* changing for lint pass
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
---------
Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
2024-07-15 11:27:06 +02:00
Malik
4758121676
Support for Oracle PushSecret.property #2911 ( #3577 )
...
* feat: push entire secret (oracle)
Signed-off-by: Malik Kennedy <mksybr@gmail.com>
* feat: push entire secret (oracle)
Signed-off-by: Malik Kennedy <mksybr@gmail.com>
---------
Signed-off-by: Malik Kennedy <mksybr@gmail.com>
2024-07-13 20:34:35 +02:00
RMeans
43ee65f957
Only URL encode data being passed to URLs ( #3652 ) ( #3674 )
...
Signed-off-by: Ryan Means <ryan.means@pangea.cloud>
Co-authored-by: Ryan Means <ryan.means@pangea.cloud>
2024-07-10 16:29:42 -03:00
Bill Hamilton
1876ff88d7
Add support for Delinea Secret Server ( #3468 )
...
* implements secretserver
Signed-off-by: Bill Hamilton <bill.hamilton@delinea.com>
* bump to align e2e
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* bump
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
---------
Signed-off-by: Bill Hamilton <bill.hamilton@delinea.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-07-10 14:32:17 -03:00
Shuhei Kitagawa
67fccd4fca
Allow specifying the same namespace for SecretStores ( #3555 )
...
* Allow specifying the same namespace for SecretStores
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Fix unit tests
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
---------
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-07-03 20:56:55 -03:00
Andrew Gunnerson
2053df7b7c
fix(vault): Treat tokens expiring in <60s as expired ( #3637 )
...
* fix(vault): Treat tokens expiring in <60s as expired
Without this, it's possible to hit a TOCTOU issue where checkToken()
sees a valid token, but it expires before the actual operation is
performed. This condition is only reachable when the experimental
caching feature is enabled.
60 seconds was chosen as a sane (but arbitrary) value. It should be more
than enough to cover the amount of time between checkToken() and the
actual operation.
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
* ADOPTERS.md: Add Elastic
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
---------
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
2024-07-03 20:56:38 -03:00
Christophe Collot
504b5506f4
feat: implement pushing whole k8s secret to Azure Keyvault ( #3650 )
...
* feat: implement pushing whole secrets to azure keyvault
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
* bump e2e pipeline (#3646 )
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@productmadness.com>
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
* fix e2e permissions (#3647 )
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@productmadness.com>
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
* bump docs with e2e commands (#3648 )
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
* also needs pull-requests (#3649 )
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@productmadness.com>
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
* style: remove unnecessary line
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
* style: remove trailing line
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
---------
Signed-off-by: Christophe Collot <christophe.collot.cloud@gmail.com>
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@productmadness.com>
Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com>
2024-07-03 08:38:01 +02:00
Doug Goldstein
93e9b4cef7
fix(webhook): perform conversion of data ( #3638 )
...
Instead of assuming that the data fields are strings that can be
converted to byte array, convert the actual type to a byte array.
fixes #3239
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
2024-07-03 07:42:34 +02:00
Joe Stevens
f516892164
implement handling for pushing whole k8s secret to gcsm ( #3644 )
...
Signed-off-by: Joseph Stevens <thejosephstevens@gmail.com>
2024-07-02 08:08:55 +02:00
kaedwen
48cccaeded
add AuthRef to kubernetes provider fixes #3627 ( #3628 )
...
* add AuthRef to kubernetes provider fixes #3627
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* run make reviewable
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* fix validation for given authRef
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* refactor kubernetes provider auth
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* satisfy linter
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
* add URL for kubernetes provider tests
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
---------
Signed-off-by: kaedwen <kaedwen@heinrich.blue>
2024-07-01 23:31:10 +02:00
Gergely Brautigam
095537e6ad
feat: add bitwarden secret manager support ( #3603 )
2024-06-28 06:04:25 +02:00
Timofei Larkin
490eeacca2
Adds codepath for removing finalizers ( #3610 )
...
* Adds codepath for removing finalizers
See #3609 .
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
* Add test case for #3609
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
---------
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
2024-06-21 21:57:04 +02:00
Moritz Johner
f1ab7ef89d
fix: explicitly fetch status subresource due to inconsistencies ( #3608 )
...
* fix: explicitly fetch status subresource due to inconsistencies
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: bump go
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: add rbac to get status
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-21 12:59:25 +02:00
Eric Fang
ebae16beb3
Remove the use of "golang.org/x/crypto/pkcs12" ( #3601 )
...
Switch to software.sslmate.com/src/go-pkcs12 instead
Signed-off-by: yihuaf <yihuaf@unkies.org>
2024-06-18 19:21:48 +02:00
Andrew Gunnerson
c7fc730019
fix(vault): Fix crash when caching is enabled and a token expires ( #3598 )
...
In the vault client library, LookupSelfWithContext calls ParseSecret,
which has a few places where it returns `nil, nil` instead of returning
a proper error. The most common scenario is when the token expires and
the Vault server returns:
{
"errors": [
"permission denied"
]
}
This commit adds an additional check to ensure that a nil response won't
be dereferenced in checkToken().
Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
2024-06-18 09:28:41 +02:00
Bude8
23f2829ec1
Add logic to skip multiple stores. Add tests for multiple un/managed stores ( #3123 )
...
Signed-off-by: Bude8 <henryblee8@gmail.com>
2024-06-18 07:56:20 +02:00
Idan Adar
e13e09413e
Fix typo privatKey in multiple files ( #3578 )
...
* Update generators.external-secrets.io_githubaccesstokens.yaml
Fixes https://github.com/external-secrets/external-secrets/issues/3556
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* Update generator_github.go
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* Update github.go
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* Update generator-github.yaml
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* Update github_test.go
Signed-off-by: Idan Adar <iadar@il.ibm.com>
* fix: rename property
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Idan Adar <iadar@il.ibm.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-17 11:12:03 +02:00
Geoffrey MUSELLI
f74e08546c
Support glob for namespaces condition in ClusterSecretStore ( #2920 )
...
* feat(ClusterSecretStore): Support glob for conditions.namespaces
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Fix diff
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Fix code smell
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): First code review
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Second code review
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Generate
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* feat(ClusterSecretStore): Fix Sonar method complexity
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
* addressed comments
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* renamed namedspacesregexes because it sounded funny
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-06-17 08:36:05 +02:00
Tsubasa Nagasawa
199c9103db
feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache ( #3588 )
...
* feat: Add component labels to custom resource definitions
Prerequisite for restricting the CRDs cached by Informer
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
* feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache
The certcontroller watches CRDs and Webhook configurations, and
manages CA certificates for conversion webhooks of CRDs and Webhook
configurations. Some clusters have a large number of CRDs and Webhook
configurations installed. Additionally, some CRDs have large object sizes.
Currently, the certcontroller holds all CRDs and Webhook configurations
in the Informer cache. Since this includes CRDs not managed by the
certcontroller for CA certificates, memory usage tends to be high.
This PR adds a label to the CRDs and configures the Informer cache to hold
only the CRDs and Webhook configurations restricted by the label selector.
It assumes that the CRDs have a label. Depending on how the External Secrets
Operator is managed, it may be possible to update the External Secrets
Operator without updating the CRDs, so as a precaution, it can be turned
on/off via a startup option. It is disabled by default.
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
---------
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
2024-06-16 12:52:10 +02:00
eso-service-account-app[bot]
8ac205c0a2
chore: update dependencies ( #3570 )
...
* update dependencies
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
* fix: fork sprig to bump pulumi
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Idan Adar <iadar@il.ibm.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-15 14:49:30 +02:00
Gergely Brautigam
ac0eaedf16
fix: parameter store should be called only once ( #3584 )
2024-06-15 12:02:08 +02:00
smcavallo
d29c001d37
Add device42 provider ( #3571 )
2024-06-14 06:04:19 +02:00
Victor Santos
dd8c004f47
feat: add support to set Type for AWS parameter store ( #3576 )
...
Signed-off-by: Victor Santos <vsantos.py@gmail.com>
2024-06-12 10:24:52 +02:00
Akhil Mohan
ace1ff595f
Infisical provider ( #3477 )
...
* feat: added crds for infisical provider
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: implemented infisical provider logic
Signed-off-by: = <akhilmhdh@gmail.com>
* fix: resolved broken doc building due to vault doc error
Signed-off-by: = <akhilmhdh@gmail.com>
* docs: added doc for infisical provider
Signed-off-by: = <akhilmhdh@gmail.com>
* docs: fixed a warning in mkdocs on link
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: resolved all lint issues
Signed-off-by: = <akhilmhdh@gmail.com>
* doc: removed k8s auth release banner from infisical doc
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: added support for property to infisical provider
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: removed auth type and made implicit ordering of authentication based on feedback
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: support for referent authentication
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: added error for tag not supported in find
Signed-off-by: = <akhilmhdh@gmail.com>
* fix: resolved failing build
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: updated doc and added stability matrix for infisical
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: switched to less error prone use and revoke token strategy and added validate interface logic
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: code lint issue fixes
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: resolved review comments for infisical client
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: improved test cases and resolved sonar issues
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: resolved sonar suggestions
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: resolved sonar suggestions for test const ids
Signed-off-by: = <akhilmhdh@gmail.com>
* feat: store changes to assertError
Signed-off-by: = <akhilmhdh@gmail.com>
---------
Signed-off-by: = <akhilmhdh@gmail.com>
2024-06-11 22:27:31 +02:00
Gergely Brautigam
94c9a33a11
feat: add location to GCP push secret ( #3502 )
...
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-06-07 09:46:29 +02:00
Mathias Maes
a12f3b8292
Add CA-Bundle to pemToPkcs12 output ( #3494 )
...
* Add CA-Bundle to pemToPkcs12 output
Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>
* add fullPemToPkcs12 and tests
Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>
---------
Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>
2024-06-03 22:35:02 +02:00
Mathias Bleimhofer
30e18870e2
Fix: ESO template crash when Kubernetes secret data is nil ( #3537 )
...
* fix: check if secret.Data is nil before assigning a value
Signed-off-by: MathiasBleimhofer <mathias.bleimhofer@deutschebahn.com>
2024-06-03 22:27:05 +02:00
Shuhei Kitagawa
b156e23743
Raise error when unknown key specified in template ( #3480 )
...
* Raise error when unknown key specified in template
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Update the template docs to clarify the new behavior with non-existing keys
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
---------
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-05-17 09:57:11 -03:00
Shuhei Kitagawa
477945777d
Fix flaky ES controller test ( #3493 )
...
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-05-14 12:43:56 -03:00
Luis Schweigard
0abb3e9cc4
Add support for Authentication against Azure Key Vault using Client Certificate ( #3469 )
...
* Implementation of Certificate Based Authz against Azure Key Vault
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
* Add tests for new Azure certificate auth functionality
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
* Add documentation for Azure Cert based Auth
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
* Generate spec.md
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
* Add changes from code review
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
* Fix naming in test error case
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
---------
Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
2024-05-13 08:40:50 -03:00
Shuhei Kitagawa
30f2f902cd
Start reconciliation when a secret has changed ( #3459 )
...
* Start reconciliation when a secret has changed
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Prolong the test timeout
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Use predicate.ResourceVersionChangedPredicate instead
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
---------
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-05-11 08:30:25 -03:00
Shuhei Kitagawa
13dd16bf6d
Use maps.Equal to compare maps ( #3460 )
...
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-05-07 17:10:35 -03:00
hima
f22c53fca0
Issue 3436 ( #3444 )
...
* utiliy for comparing byteslice and string
Signed-off-by: himasagaratluri <himasagar.atluri@gmail.com>
* unit test for utility
Signed-off-by: himasagaratluri <himasagar.atluri@gmail.com>
* add validation for StringType
Signed-off-by: himasagaratluri <himasagar.atluri@gmail.com>
* if clause to consider binary
Signed-off-by: himasagaratluri <himasagar.atluri@gmail.com>
* Test case: if clause to consider binary
Signed-off-by: himasagaratluri <himasagar.atluri@gmail.com>
---------
Signed-off-by: himasagaratluri <himasagar.atluri@gmail.com>
2024-05-03 16:17:36 -03:00
Parth Patel
6252ad9394
Implemented updatePolicy: IfNotExists
for AWS Secret Store ( #3438 )
...
* Implemented SecretExists for AWS Secret Store
Signed-off-by: Parth Patel <p.patel81@yahoo.com>
* Lint changes
Signed-off-by: Parth Patel <p.patel81@yahoo.com>
* Added some unit-tests
Signed-off-by: Parth Patel <p.patel81@yahoo.com>
* Small refactored unit-tests
Signed-off-by: Parth Patel <p.patel81@yahoo.com>
* Fixed lint issues
Signed-off-by: Parth Patel <p.patel81@yahoo.com>
---------
Signed-off-by: Parth Patel <p.patel81@yahoo.com>
2024-05-03 06:36:42 -03:00
eso-service-account-app[bot]
34b4ff10da
chore: update dependencies ( #3433 )
...
* update dependencies
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
* bump alibaba
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* bump kube to 0.30
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
---------
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-04-30 14:52:59 -03:00
Shuhei Kitagawa
9d17e34942
Refactor the SecretStore client manager ( #3419 )
...
* Refactor the SecretStore client manager
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Fix ineffectual assignment to err
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Update docs
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
---------
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-04-29 05:15:21 -03:00
Shlomo Zalman Heigh
02c6f625bd
Add Conjur Support for FindByName, FindByTag ( #3364 )
2024-04-28 19:01:00 +02:00
Shuhei Kitagawa
43a7a16baf
Update Go and golangci-lint version ( #3396 )
...
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-04-25 06:36:11 -03:00
Shuhei Kitagawa
82d431974b
Publish the secret updated events only when they are updated ( #3293 )
...
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-04-19 17:10:01 -03:00
Yann Ponzoni
3d96be0d53
Pulumi: Remove unwanted chars when extract secret ( #3333 )
...
* Remove unwanted chars when extract secret
Add TestGetSecretMap
Fixes #3332
Signed-off-by: alphayax <alphayax@gmail.com>
* TestGetSecretMap: Simplify test inputs
Signed-off-by: alphayax <alphayax@gmail.com>
* TestGetSecretMap: Add more tests
Signed-off-by: alphayax <alphayax@gmail.com>
---------
Signed-off-by: alphayax <alphayax@gmail.com>
2024-04-18 10:12:15 +02:00
Mykhailo Zahlada
47cc50a9ed
Workloadidentity clientid from secret ref ( #3367 )
...
* updates documentation: extends workloadIdentity auth configuration
Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
* adds and updates tests
Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
* extends provider configuration to accept clientId and tenantId as auth SecretRef
Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
* updates service account example
Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
* updates docs
Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
---------
Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
Co-authored-by: Mykhailo Zahlada <myzahlad@microsoft.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-04-18 05:09:53 -03:00
Thorben Below
432c6bf9ab
Feat: Add Passbolt Provider ( #3334 )
...
* add passbolt provider
Signed-off-by: Thorben Below <56894536+thorbenbelow@users.noreply.github.com>
* Fix: return err for unimplemented methods
Signed-off-by: Thorben Below <56894536+thorbenbelow@users.noreply.github.com>
---------
Signed-off-by: Thorben Below <56894536+thorbenbelow@users.noreply.github.com>
2024-04-18 09:58:25 +02:00
rohautl
e0bdcd0d97
feat: implement azure pushsecret ifnotexist updatepolicy via secretExists function ( #3361 )
...
Signed-off-by: rohautl <lu.rohaut@laposte.net>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-04-17 15:02:14 -03:00
Shuhei Kitagawa
119622a656
Use grpc.NewClient instead of grpc.Dial ( #3369 )
...
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-04-16 12:17:05 -03:00
David Recuenco
7602995a1c
Extract support for SDKMS provider ( #3237 )
...
* ADD extract support for sdkms provider
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* Apply suggestions from code review
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: David Recuenco <david.recuencogadea+github@gmail.com>
---------
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
Signed-off-by: David Recuenco <david.recuencogadea+github@gmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-04-09 08:20:37 +02:00
rickymulder
efcd9874a7
Address #3331 and #3080 ( #3335 )
...
* Address !3331 and !3080
* Modify webhook provider TLS config to restrict tls renegotiation to once per client
** Addresses !3331
* Modify webhook certs validation to include intermediates held within tls.crt
** Addresses !3080
** [Cert-Manager recommendation](https://cert-manager.io/docs/configuration/ca ) for CA issuer
Signed-off-by: Rick Mulder <rickymulder@gmail.com>
* Add tls chain tests related to #3080
Signed-off-by: Rick Mulder <rickymulder@gmail.com>
* Clean up tls chain test based on sonarcloud recommendation
Signed-off-by: Rick Mulder <rickymulder@gmail.com>
* Fix checkEndpoints and checkCRDs to use proper pointer reference
Signed-off-by: Rick Mulder <rickymulder@gmail.com>
---------
Signed-off-by: Rick Mulder <rickymulder@gmail.com>
2024-04-09 08:10:55 +02:00
Shuhei Kitagawa
120fedf841
Add NamespaceSelectors field to ClusterExternalSecret ( #3268 )
...
https://github.com/external-secrets/external-secrets/issues/3257
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-04-05 08:35:08 +09:00
Rodrigo Fior Kuntzer
9ff2354213
fix: introducing support for conversion strategy for PushSecret. ( #3292 )
...
* fix: introducing support for conversion strategy for PushSecret.
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
* fix: unit tests code quality.
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
---------
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2024-04-04 16:31:28 +02:00
Michael Serchenia
84731616f4
GitHub provider (supersedes #3014 ) ( #3115 )
...
* github provider signed, supersedes #3014
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* tests pass, + crd + docs
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* fix sonarLint alert
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* refactoring, replace secretStore with generator
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* cosmetics + tst + lint pass
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* docs
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* clean-up + lint + test
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* small refactor, fix issues left in comments
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
---------
Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
2024-04-03 09:19:57 +02:00
Yann Ponzoni
5ac6b5fc3f
Allow Pulimi to extract structured data. ( #3308 )
...
* Handle json.RawMessage as a []byte in util.GetByteValue.
This allow Pulimi to extract structured data.
Close : #3307
Signed-off-by: alphayax <alphayax@gmail.com>
* Add test for utils.GetByteValue: TestGetByteValue
Signed-off-by: alphayax <alphayax@gmail.com>
---------
Signed-off-by: alphayax <alphayax@gmail.com>
2024-03-27 12:18:27 +01:00
Rodrigo Fior Kuntzer
ceb26a6d50
fix: allow pushing the whole secret to Vault ( #3288 )
...
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2024-03-27 07:24:44 +01:00
Blair Drummond
731c0ed736
feat: add vault auth namespace option ( #3157 )
...
* feat: add vault auth namespace option
Signed-off-by: Blair Drummond <blaird@liatrio.com>
* fix: appease the linter
Signed-off-by: Blair Drummond <blaird@liatrio.com>
* feat: add tests for auth namespace
Signed-off-by: Blair Drummond <blaird@liatrio.com>
* fix: add make reviewable output
Signed-off-by: Blair Drummond <blaird@liatrio.com>
---------
Signed-off-by: Blair Drummond <blaird@liatrio.com>
2024-03-27 07:23:34 +01:00
Gergely Brautigam
e589572caf
feat: add wait for values to be created and updated on 1Password side ( #3238 )
2024-03-18 11:18:56 +01:00
Sulfixx
e57e4b72ca
Integrate Passworddepot ( #2799 )
...
* PLAT-1179 | updated to beta1
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Updating External Secrets fixes
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Fix to Passworddepots-crds-generation
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | apiextensionsv1 removal
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* Update apis/externalsecrets/v1beta1/secretstore_passworddeport_types.go
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>
* Update apis/externalsecrets/v1beta1/secretstore_passworddeport_types.go
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>
* Update apis/externalsecrets/v1beta1/secretstore_types.go
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>
* PLAT-1179 | Removed insecureverify and other fixes
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Fixed Linter and Sonar Issues
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Fixed Typo in Passworddepot_api.go
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Resolved go.mod Conflict
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Resolved go.mod conflict typo
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | admission.Warnings error fix
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Added nolint:bodyclose // linters bug
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Removed <= Head arrow from mkdocs.yml
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Added Make Check-Diff Changes
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Changed Error Package, Added Context, API Refactor
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Added const DoRequestError to reduce Codesmell
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Moved defer body close func into ReadAndUnmarshal
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Moved Status Check into ReadAndUnmarshal
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Removed Response.body from ReadAndUnmarshal
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* Update apis/externalsecrets/v1alpha1/secretstore_passworddepot_types.go
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>
* PLAT-1179 | Go mod tidy and Make generate
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Added empty SecretExists Method
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
* PLAT-1179 | Renamed unsed ctx to _
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
---------
Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>
Co-authored-by: Sören Rohweder <soeren.rohweder@fastleansmart.com>
Co-authored-by: Simon Becker <simon.becker@fastleansmart.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-03-12 13:33:08 +01:00
Gergely Brautigam
1d5177c8c7
feat: add secret push format to AWS secrets manager ( #3189 )
2024-03-10 08:12:50 +01:00
Carolin Dohmen
29e5f71d8b
Add PushSecret UpdatePolicy (to replace PR #3100 ) ( #3117 )
...
* Add PushSecret UpdatePolicy
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Adjust description of UpdatePolicy in PushSecret Spec
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Restructure PushSecret Status
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Refactor PushSecret controller method
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Add missing methods for new providers
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Add missing method to onboardbase client
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Add docs on PushSecret UpdatePolicy
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
* Use constant for error message
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
---------
Signed-off-by: Carolin Dohmen <carodohmen@gmail.com>
2024-03-08 11:17:31 +01:00
Trent V
de78ea175f
fixed gitlab error typo: gilabClient -> gitlabClient ( #3241 )
...
Signed-off-by: Trenton VanderWert <trenton.vanderwert@gmail.com>
2024-03-08 12:44:16 +09:00
Florent Viel
3bd911b9c1
Update Scaleway provider to use v1beta1 API version ( #3205 )
...
* feat: update scw secret api to v1beta1
Signed-off-by: Florent Viel <fviel@scaleway.com>
* fix: lint issue
Signed-off-by: Florent Viel <fviel@scaleway.com>
---------
Signed-off-by: Florent Viel <fviel@scaleway.com>
2024-03-06 10:39:27 +01:00
filedeploy
1fbd7a01e1
Implement Doppler Secret Push and Delete functions ( #3200 )
...
* Implement Doppler Secret Push and Delete functions
Signed-off-by: Carter Cook <carter.cook@filedeploy.com>
* Better error formatting (PR review #3200 )
Signed-off-by: Carter Cook <carter.cook@filedeploy.com>
---------
Signed-off-by: Carter Cook <carter.cook@filedeploy.com>
2024-03-06 10:35:18 +01:00
Shlomo Zalman Heigh
1d3209da59
Conjur E2E Tests for K8s JWT Authentication ( #3217 )
...
Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
2024-03-01 17:36:19 +01:00
Aleem Isiaka
52f6655345
Onboardbase ( #2697 )
...
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Run decrypt with error
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Commit and Save
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Pull secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Integrate Onboardbase Into ESO
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Minor Fix And Cleanups
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Attend to review comments
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Install deps
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Improved docs
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Improved docs
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Update hack/crd.generate.sh
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Aleem Isiaka <30846935+limistah@users.noreply.github.com>
* address issues with running the code
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* decrypt library into code
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* add docs to onboardbase provider
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* refactor duplicates
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Address Issues with tests
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Address issues with delete policy and json secrets
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Fix lint errors
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* error out when there is tags in the find field
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* execute delete request with the right data
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* ignore deletion policy
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* improve lint errors
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* remove cryptojs decrypt libs
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* Get secret value if property is set
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* run obb operator
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* 👌 IMPROVE: supports request deadline, esv1beta1 api updates
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* use same timeout
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* fix sonar cloud issues
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* fix sonar cloud issues
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* fix sonar cloud issues
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* fix failing test
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* add improve docs
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
* add improve docs
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
---------
Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
Signed-off-by: Nasirudeen Olohundare <iamnasirudeen@gmail.com>
Signed-off-by: Aleem Isiaka <30846935+limistah@users.noreply.github.com>
Co-authored-by: Nasirudeen Olohundare <iamnasirudeen@gmail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-02-29 21:28:17 +01:00
David Recuenco
af38fc68d5
ADD sdkms base implementation ( #3180 )
...
* ADD sdkms base implementation
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* FIX get secret object by name, unmarshalling error formatting
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* ADD suport for fortanix secret security objects
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* ADD more tests for opaque, secret, new client
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* FIX changes required by make reviewable
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* ADD missing provider registration
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
* FIX remove unused error string, add generated assets
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
---------
Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
2024-02-28 10:59:47 +01:00
Marco Singer
983488ca57
feat(generator/webhook): Improve error message ( #3190 )
...
Signed-off-by: Marco Singer <marcosinger@users.noreply.github.com>
2024-02-28 09:23:08 +09:00
Mathias Maes
74ed3facb7
Add PEM to PKCS12 template function ( #3101 )
...
* Add PEM to PKCS12 template function
Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>
* add docs
Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>
* add pemToPkcs12Pass
Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>
* fix formatting
Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>
---------
Signed-off-by: Mathias Maes <mathias.maes@aloxy.io>
2024-02-27 09:36:53 +01:00
Gustavo Fernandes de Carvalho
1cf8f68276
Implements Webhook Generator ( #3121 )
...
* adding webhook generators
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* bumping bundle
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* linting
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* fixing copy-paste error
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* common webhook functions
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* removing duplicates. Adding tests for generator
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
* docs
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
---------
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-02-17 06:49:31 -03:00
Engin Diri
dc9b5b7207
feat: add support for Pulumi ESC ( #2997 )
...
Signed-off-by: Engin Diri <engin.diri@ediri.de>
2024-02-14 19:56:06 +01:00
Sourav Patnaik
a012f4829c
Implementation of Chef External Secrets Provider ( #3127 )
...
* Adding the details for chef provider secret store.
Issue: https://github.com/external-secrets/external-secrets/issues/2905
This commit intends to add the chef provider structure to the existing list of external-secrets providers.
It defines the structure of the SecretStore and ClusterSecretStore for chef Provider.
The yaml resource will contain 3 important parts to identify and connect to chef server to reconcile secrets. They are:
1. serverurl: This is the URL to the chef server.
2. username: The username to connect to the chef server.
3. auth: The password to connect to the chef server. It is a reference to an already existing kubernetes secret containing the password.
This commit also contains the auto generated CRDs using the `make generate` command.
Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
* Implementation for Chef ESO provided
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
* - implemented Chef eso, added required methods
- added unit test cases
- added sample documentation
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* Added Documentation for Authentication
Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
* added documentation for Chef eso
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* Updated chef ESO documentation
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
* updated ValidateStore method signature
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* made changes in chef provider to satisfy 'make docs'
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* - updated code as per review comment, make reviewable suggestions
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* modified chef provider code as per review comment
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
---------
Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
Co-authored-by: Subroto Roy <subrotoroy007@gmail.com>
Co-authored-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
2024-02-14 09:54:08 +01:00
Gergely Brautigam
e726087851
feat: add push secret to e2e tests ( #3017 )
...
* feat: add push secret to e2e tests
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* finally, a fully working example for an e2e flow with push secret
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* fix value field duplication issue
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-02-12 16:44:45 +01:00
Parth Patel
8db12430e7
Changes as per suggestion and clean up ( #3077 )
...
Signed-off-by: Parth Patel <p.patel81@yahoo.com>
2024-02-07 07:56:46 +09:00
Moritz Johner
d246c2e082
🧹 refactor vault provider ( #3072 )
...
* chore: split monolith into separate files
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* chore: add tests
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* chore: rename vault/auth_iam vars
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fixup: remove string duplication
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2024-01-31 22:03:32 +01:00
Shanti G
5f8d24000a
IBM provider: remove deprecated code for fetching secret by name ( #3078 )
...
* remove deprecated code for fetching secret by name
Signed-off-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>
* update the documentation
Signed-off-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>
* fix linting
Signed-off-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>
---------
Signed-off-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>
Co-authored-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>
2024-01-26 17:46:24 +01:00
Moritz Johner
01f6be8e6e
chore: bump jwx pkg ( #3075 )
...
Bump to v2 to address CVE-2024-21664.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2024-01-25 10:34:47 +01:00
charan986
2b39593109
added metrics support for akeyless ( #3069 )
...
* added metrics support for akeyles
Signed-off-by: Sai Charan Godasi <saicharangodasi@Sais-MacBook-Air.local>
2024-01-24 22:34:55 +01:00
Moritz Johner
58cb47cc06
chore: add tests for AWS/SM ( #3057 )
...
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2024-01-22 09:35:09 +01:00
Moritz Johner
ee35aa0f9f
feat: expose admission warnings to ValidateStore interface ( #3058 )
...
This allows providers to issue warnings, e.g. during a
migration/deprecation period
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2024-01-21 23:34:29 +01:00
Moritz Johner
26f9c3f1f4
chore: refactor/centralise secretKeyRef usage ( #3022 )
...
* chore: refactor/centralise secretKeyRef usage
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2024-01-21 08:19:57 +01:00
Rodrigo Fior Kuntzer
31cecaa62b
feat: add support for Hashicorp Vault mTLS ( #3018 )
...
* feat: adding support for mTLS to the Vault provider
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2024-01-19 00:43:28 +01:00
Ludovic Ortega
0a02f73142
feat: set default namespace on vault secretStore (namespaced ressource) ( #2869 )
...
* feat: set default namespace on vault secretStore
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
* fix: unit test
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
* feat: remove depreciation message
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
---------
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
2024-01-16 19:59:24 +01:00
Shuhei Kitagawa
373a9c23e8
Update the ExternalSecret status even when data is empty ( #2927 )
...
https://github.com/external-secrets/external-secrets/issues/2874
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
2024-01-12 22:09:03 +01:00
Pedro Parra Ortega
ba8cf6bde5
Feat/allow keeper to work with complex types ( #3016 )
...
* update dependencies (#3005 )
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
* feat: allow keeper to work with complex types
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
---------
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: eso-service-account-app[bot] <85832941+eso-service-account-app[bot]@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
2024-01-12 00:30:58 +01:00
barucoh
ab1e95a458
Akeyless Provider - Add support for Certificate items Signed-off-by: barucoh <20933964+barucoh@users.noreply.github.com> ( #3013 )
...
Signed-off-by: “barucoh” <“ohadbaruch1@gmail.com”>
2024-01-10 23:11:03 +01:00
Bryce Thuilot
0bb4feae4a
feat: add PushSecret and DeleteSecret to onepassword provider ( #2646 )
...
* feat: add PushSecret and DeleteSecret to onepassword provider
Signed-off-by: Bryce Thuilot <bryce@thuilot.io>
* refactor: clean code based on suggestions
Signed-off-by: Bryce Thuilot <bryce@thuilot.io>
* refactor: make suggested sonar cube changes
Signed-off-by: Bryce Thuilot <bryce@thuilot.io>
---------
Signed-off-by: Bryce Thuilot <bryce@thuilot.io>
2024-01-04 19:36:41 +01:00
Gergely Brautigam
d6e24a82bd
feat: add templating to PushSecret ( #2926 )
...
* feat: add templating to PushSecret
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* adding unit tests around templating basic concepts and verifying output
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* extracting some of the common functions of the parser
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* remove some more duplication
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* removed commented out code segment
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added documentation for templating feature
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* simplified the templating for annotations and labels
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2023-12-22 21:45:34 +01:00
Shanti G
fb762b57b3
minor changes: extension of PR #2950 ( #2967 )
2023-12-21 08:38:08 +02:00
Nitzan Nissim
b0bdef20b5
Add support for IBM Cloud Service Credentials secret type ( #2950 )
2023-12-21 08:21:02 +02:00
Florent Viel
88da2f3199
feat: add custom user agent to scaleway provider ( #2938 )
...
Signed-off-by: Florent Viel <fviel@scaleway.com>
2023-12-09 16:25:29 +09:00
Kiyofumi Sano
2f043ecaed
Signed-off-by: Kiyo510 <miraishida00510@gmail.com> ( #2919 )
...
typo: ref:#2917 Fix typo in ExtermalSecretRewriteTransform
2023-12-02 14:53:11 +01:00
Victor Santos
3599384660
feat(fake): deprecate ValueMap to use Value instead ( #2884 )
2023-12-02 06:57:48 +09:00
Tal Asulin
2441ad547b
Feat/Adding support for PushSecret using HashiCorp Vault KV v1 ( #2879 )
...
* feat: init pushsecret support for vault kv1
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
* feat: update delete secret to support vault kv1
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
* test: adding unit tests for deletesecret for vault v1 coverage
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
* docs: adding a note for describing the potential risk of using kv1 with pushsecret
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
* feat: removing white spaces
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
* feat: removing white spaces
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
* chore: reverting buildMetadataPath changes as they are not called from v1 logic
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
* feat: add custom metadata to vault v1 secrets
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
* docs: adjusting documentation for supporting vault kv v1
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
* docs: adjusting documentation for supporting vault kv v1
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
* Update docs/provider/hashicorp-vault.md
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Tal Asulin <tallin900@gmail.com>
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
---------
Signed-off-by: talasulin <tal.asulin@appsflyer.comn>
Signed-off-by: Tal Asulin <tallin900@gmail.com>
Co-authored-by: talasulin <tal.asulin@appsflyer.comn>
Co-authored-by: tal-asulin <tal-asulin@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2023-11-30 04:51:30 -03:00