1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-15 17:51:01 +00:00
Commit graph

847 commits

Author SHA1 Message Date
Gergely Brautigam
3ffeeb55dd
feat: enable concurrent reconciling for push secret reconciler (#4124)
* feat: enable concurrent reconciling for push secret reconciler

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* add cluster secret store concurrent option as well

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-11-19 12:20:05 +01:00
Alex Samorukov
ebbc3a0e27
Add ability to use RetrySettings in the VaultDynamicSecret generator (#4076)
Signed-off-by: Oleksij Samorukov <samm@net-art.cz>
2024-11-07 07:58:23 +01:00
idimov-keeper
b3c3e1924d
Fix PushSecret lookup in keepersecurity provider (#4077)
* Fixed Keeper Security custom record type name in docs

Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>

* Fixed Keeper records lookup in PushSecret

Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>

* Improved Keeper record lookup to search only for records of the expected type
Improved PushSecret and DeleteSecret
Fixed "nil pointer dereference" errors

Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>

* Fixed tests

Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>

* chore(helm): Add extra labels to the validating webhooks (#4074)

It should add a bunch of app.kubernetes.io labels

Signed-off-by: Miguel Sacristán Izcue <miguel_tete17@hotmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>

* Added tests for secrets with multiple matches

Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>

---------

Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com>
Signed-off-by: Miguel Sacristán Izcue <miguel_tete17@hotmail.com>
Co-authored-by: Tete17 <miguel_tete17@hotmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-11-06 21:58:04 +01:00
Gergely Brautigam
d4d4f4bc4b
feat: add AWS STS Session token generator (#4041)
* feat: add AWS STS Session token generator

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* version update for the generated CRD

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-11-05 13:22:00 +01:00
Gergely Brautigam
6b70c9002f
feat: add option to configure topic information for GCM (#4055)
* feat: add option to configure topic information for GCM

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* fix the comparison logic for updates to include topics

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-11-05 13:06:29 +01:00
eso-service-account-app[bot]
abd7b77611
chore: update dependencies (#4071)
* update dependencies

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>

* removed updating sigs.k8s.io/structured-merge-diff/v4 because that broke compilation and fixed two lint issues

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-11-05 08:49:29 +01:00
Anders Olsson
5088026566
fix: improve SecretExists in Bitwarden provider (#4058)
* Make findSecretByRef not return an error when it cant find a matching secret. Added error checks for missing secret in SecretExists and DeleteSecret.

Signed-off-by: Anders Olsson <anders.olsson@digitalist.se>

* Added check for missing secret in `GetSecret`

Signed-off-by: Anders Olsson <anders.olsson@digitalist.se>

---------

Signed-off-by: Anders Olsson <anders.olsson@digitalist.se>
Co-authored-by: Anders Olsson <anders.olsson@digitalist.se>
2024-10-29 14:29:27 +01:00
Konradas Bunikis
c51ad8d98f
feat: Support repositories and permissions in GitHub generator (#4039)
* feat: Support repositories and permissions in GitHub generator

Signed-off-by: konradasb <konradasb0@gmail.com>

* fix: Correct typo ommited->omitted

Signed-off-by: konradasb <konradasb0@gmail.com>

* fix: Optimize http req body

Signed-off-by: konradasb <konradasb0@gmail.com>

* fix: Optimize body var usage

Signed-off-by: konradasb <konradasb0@gmail.com>

* fix: Correct typo marshalling->marshaling

Signed-off-by: konradasb <konradasb0@gmail.com>

---------

Signed-off-by: konradasb <konradasb0@gmail.com>
2024-10-28 12:02:06 +01:00
Tchoupinax
0dd419a738
feat: edit all required changes for recursive option (#3939)
* feat: edit all required changes for recursive option

Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>

* chore: make reviewable

Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>

* feat: add missing param

Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>

* feat: change property type to boolean

Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>

* docs: new doc version

Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>

---------

Signed-off-by: Tchoupinax <corentinfiloche@hotmail.fr>
2024-10-14 09:24:48 +02:00
Moritz Johner
9f7533867d
feat: push secret metadata (#3600)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2024-10-12 20:41:10 +02:00
kaedwen
e9f291bd32
fix cert auth without token fixed #3926 (#3952)
* fix cert auth without token fixed #3926

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

* refactor auth preapre, fail when nothing is given

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

---------

Signed-off-by: kaedwen <kaedwen@heinrich.blue>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-10-08 19:58:39 +02:00
Moritz Johner
76cf8ad263
feat: allow generators to be referenced from a PushSecret (#3965)
This removes the need for an intermediary Kind=ExternalSecret and
Kind=Secret when using a generator.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2024-10-02 06:43:00 +00:00
cui fliter
62353be9ad
fix: fix slice assignment issue (#3964)
Signed-off-by: cuishuang <imcusg@gmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-10-01 20:58:23 +02:00
Samuel Wambach
858fe6b53c
Add StoreKind to Webhook. (#3960)
Signed-off-by: Samuel Wambach <7828075+samwambach@users.noreply.github.com>
2024-09-27 07:44:09 +02:00
Gergely Brautigam
2e7cd7be3e
fix: pin to the right version for azure keyvault (#3949)
* fix: pin to the right version for azure keyvault

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* update the fake and the test

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-09-24 14:31:24 +02:00
Gijs Middelkamp
daa1297f3d
Implements Previder provider for Previder Secret Vault implementation (#3916)
* Added Previder Vault Provider and tests

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Set go version back to 1.23

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Updates after "make reviewable"

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Fixed methods to naming convention

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Added Previder to stability support doc

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Added installation documentation and Previder logo

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Altered last test name for naming convention

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Adds Previder provider to api-docs/mkdocs.yml

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Ran make check-diff

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Updated Tiltfile to check for new default image used in helm chart

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Added optional tag to PreviderAuth struct

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Removed toolchain

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

* Updated to go 1.23.1 for CVE; Updated previder/vault-cli to 0.1.2 for CVE fix also

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>

---------

Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
Signed-off-by: Gijs Middelkamp <17021438+gkwmiddelkamp@users.noreply.github.com>
2024-09-21 16:44:32 +02:00
Engin Diri
231a6ea674
feat: update Pulumi provider for GA (#3917)
Signed-off-by: Engin Diri <engin.diri@ediri.de>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-09-21 09:54:12 +02:00
dan-akeyless
680a3a4b8d
Feature/asm 11630 akeyless push secret (#3907)
* feat[ASM-11630]- Akeyless PushSecret: implement push, delete, exists

Signed-off-by: Dan Barak <dan.b@akeyless.io>

* feat[ASM-11630]- Akeyless PushSecret: contextualise token, add metrics, make new function interface friendly

Signed-off-by: Dan Barak <dan.b@akeyless.io>

* feat[ASM-11630]- Akeyless PushSecret: add test on SecretExists, PushSecret, DeleteSecret

Signed-off-by: Dan Barak <dan.b@akeyless.io>

* feat[ASM-11630]- Akeyless PushSecret: update documentations

Signed-off-by: Dan Barak <dan.b@akeyless.io>

* feat[ASM-11630]- Akeyless PushSecret: refactor metrics func names

Signed-off-by: Dan Barak <dan.b@akeyless.io>

* feat[ASM-11630]- Akeyless PushSecret: linting

Signed-off-by: Dan Barak <dan.b@akeyless.io>

* feat[ASM-11630]- Akeyless PushSecret: simplify push

Signed-off-by: Dan Barak <dan.b@akeyless.io>

* feat[ASM-11630]- Akeyless PushSecret: decrease code complexity and deduplicate

Signed-off-by: Dan Barak <dan.b@akeyless.io>

* feat[ASM-11630]- Akeyless PushSecret: check for token type assertion and decrease PushSecret complexity

Signed-off-by: Dan Barak <dan.b@akeyless.io>

---------

Signed-off-by: Dan Barak <dan.b@akeyless.io>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-09-20 21:14:03 +02:00
Thibault Cohen
f4fc3b3a0d
Add attached file support to all onepassword secrets (#3901)
* Add attached file support to all onepassword secrets

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Small clean up

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Fix PR comments

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Fix sonarcloud issues

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Fix PR comments

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

* Fix PR comments

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>

---------

Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-09-20 19:17:09 +02:00
Nick Knowlson
5c22447c13
Add support for Vault kvv1 (#3790)
* Squash changes to prep for manual testing

Signed-off-by: Nick Knowlson <nick.knowlson@alayacare.com>

* remove commented out test data

Signed-off-by: Nick Knowlson <nick.knowlson@alayacare.com>

* update e2e test file

Signed-off-by: Nick Knowlson <nick.knowlson@alayacare.com>

---------

Signed-off-by: Nick Knowlson <nick.knowlson@alayacare.com>
Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com>
2024-09-17 17:57:08 -03:00
Alexander Schaber
f73187dabb
New Generator for UUIDs (#3296)
* feat(generator/uuid): initial version

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>

* fix(generator/uuid): rename symbols in compliance with lint

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>

* fix(generator/uuid): rename unused vars to `_` to fix lint

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>

* docs(generator/uuid): initial documentation for uuid generator

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>

---------

Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
2024-09-08 19:54:47 +02:00
eso-service-account-app[bot]
21f1dca82e
chore: update dependencies (#3862)
* update dependencies

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>

* fix alibaba breaking things again

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* commit modified templates because of version increase

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-09-02 18:30:34 +02:00
Gergely Brautigam
c3dcd9adcd
fix: bitwarden API url to point to the correct default location (#3848)
* fix: bitwarden API url to point to the correct default location

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* explicitly remove trailing slashes to prevent not found error

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-09-02 07:04:48 +02:00
Gergely Brautigam
1309c2c41b
fix: only replace data if it is in the middle of the path (#3852)
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-09-02 06:53:04 +02:00
Viktor Oreshkin
267e5ea9f1
fix: set grpc resolver explicitly in yandex (#3838)
use passthrough resolver to be consistent with ycsdk library, and to
work correctly in dual-stack environments until gRPC proposal A61 is
fully implemented in grpc-go

fixes #3837

Signed-off-by: Viktor Oreshkin <imselfish@stek29.rocks>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-08-29 16:21:08 +02:00
Shlomo Zalman Heigh
a1722cbfaa
Use Conjur API's built in JWT functions (#3771)
* Use Conjur API's built in JWT functions

Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>

* docs: clarify that all Conjur types are supported

Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>

* docs: add link to Conjur blog post

Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>

---------

Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
2024-08-28 21:54:04 +02:00
Tom Godkin
bc97ae06f6
Demonstrate new slices/maps packages (#3839) 2024-08-27 22:20:41 +02:00
Gergely Brautigam
34a1a50609
feat: implement GetSecretMap for Bitwarden provider (#3800)
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-08-27 10:43:15 +02:00
eso-service-account-app[bot]
233ede3e47
chore: update dependencies (#3836)
* update dependencies

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>

* update gitlab provider interface

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-08-27 08:34:33 +02:00
Tom Godkin
5e1934d284
Use maps package from standard library (#3828)
Signed-off-by: Tom Godkin <tomgodkin@pm.me>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-08-26 12:24:56 +02:00
Gergely Brautigam
a5ddd97c21
chore: update go version of the project to 1.23 (#3829)
* chore: update go version of the project to 1.23

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* fixed an absurd amount of linter issues

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-08-26 11:10:58 +02:00
eso-service-account-app[bot]
3414bd6428
chore: update dependencies (#3815) 2024-08-19 17:07:20 +02:00
Gergely Brautigam
82d419e2ee
feat: add CAProvider to Bitwarden provider (#3699)
* feat: add CAProvider to bitwarden

This change introduces a refactor as well since CAProvider
was used by multiple providers with diverging implementations.
The following providers were affected:
- webhook
- akeyless
- vault
- conjur
- kubernetes

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* refactored the Kubernetes provider to use create ca

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* refactor webhook, vault and kubernetes provider

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* rename CreateCACert to FetchCACertFromSource

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* addressed comments and autodecoding base64 data

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* check if the decoded value is a valid certificate

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-08-16 12:32:35 +02:00
btfhernandez
77f5d0ad91
feat: add beyondtrust provider (#3683)
* feat: add beyondtrust provider

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* feat: edit go.mod and go.sum files

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* feat: change test file name (provider_test.go)

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* feat: solve PR comments

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* feat: organize attributes in a higher hierarchy

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: fix sonar cloud issues and go.mod file conflicts

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: fix PR comments and apply table driven tests

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: fix PR comments

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: fix lint issues

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: fix lint issues on tests

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: run make fmt

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: apply camelCase to yaml attributes

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: solve go.mod file conflict

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

* fix: run make check-diff

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>

---------

Signed-off-by: Felipe Hernandez <fhernandez@beyondtrust.com>
Signed-off-by: btfhernandez <133419363+btfhernandez@users.noreply.github.com>
2024-08-07 09:27:04 +02:00
Victor Santos
7343875bf7
fix: decrypt remote secret for SecureString type (#3761) 2024-08-05 17:45:12 +02:00
Ketil
725c0549d1
feat: support pkcs12 with chain in pushsecret to Azure KeyVault (#3747)
Signed-off-by: Ketil Gjerde <477141+mysteq@users.noreply.github.com>
2024-08-02 10:21:10 +02:00
Gustavo Fernandes de Carvalho
af1ebd8817
feat: webhook secrets must be labeled (#3753)
BREAKING CHANGE: Webhook secrets now must be labeled for Webhook SecretStore

BREAKING CHANGE: Generator webhook labels changed

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-07-31 13:45:33 -03:00
Gergely Brautigam
d5ca3161d6
feat: do not modify the secret in case of a NotModified (#3746)
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-07-31 12:29:21 +02:00
Gergely Brautigam
8c709cfa43
feat: add prefix definition to all secret keys for aws parameter store (#3718)
* feat: add prefix definition to all secret keys for aws parameter store

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* added a push secret test to verify called parameter has a prefix

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-07-31 12:29:07 +02:00
Gergely Brautigam
2b51f8a8e1
feat: increase verbosity of error message during validation (#3742)
* feat: increase verbosity of error message during validation

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* removing Equal as we do not have the specific error message there

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-07-29 15:04:35 +02:00
Roomba
196245c22c
remove redundant parameter grab call, we already have it from the getparamsbypathwctx() (#3722) 2024-07-29 07:08:06 +02:00
Engin Diri
4f62fb3963
feat: add PushSecret support for Pulumi ESC (#3597)
Signed-off-by: Engin Diri <engin.diri@ediri.de>
2024-07-25 09:00:17 +02:00
Gergely Brautigam
c078a88d9b
fix: add namespace to path and route construction (#3632)
* fix: add namespace to path and route construction

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* fix: use the correct namespace while restoring from auth namespace

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* added fix suggestion from Gustavo

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-07-21 16:42:14 -03:00
Alok N
0fcf972a70
fix: aws secretexists returns true ifnotexists (#3684)
Signed-off-by: Alok N <alokme123@gmail.com>
2024-07-16 07:38:57 +02:00
abhinav1708
bdd0c7ec9a
support for adding headers in vault provider (#3677)
* support for vault headers

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* changes in crds bases for headers support

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* adding autogenerated files

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* removing extra---

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* adding headers before x-vault-Inconsistent

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* changing for lint pass

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

---------

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
2024-07-15 11:27:06 +02:00
Malik
4758121676
Support for Oracle PushSecret.property #2911 (#3577)
* feat: push entire secret (oracle)

Signed-off-by: Malik Kennedy <mksybr@gmail.com>

* feat: push entire secret (oracle)

Signed-off-by: Malik Kennedy <mksybr@gmail.com>

---------

Signed-off-by: Malik Kennedy <mksybr@gmail.com>
2024-07-13 20:34:35 +02:00
RMeans
43ee65f957
Only URL encode data being passed to URLs (#3652) (#3674)
Signed-off-by: Ryan Means <ryan.means@pangea.cloud>
Co-authored-by: Ryan Means <ryan.means@pangea.cloud>
2024-07-10 16:29:42 -03:00
Bill Hamilton
1876ff88d7
Add support for Delinea Secret Server (#3468)
* implements secretserver

Signed-off-by: Bill Hamilton <bill.hamilton@delinea.com>

* bump to align e2e

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* bump

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

---------

Signed-off-by: Bill Hamilton <bill.hamilton@delinea.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-07-10 14:32:17 -03:00
Shuhei Kitagawa
67fccd4fca
Allow specifying the same namespace for SecretStores (#3555)
* Allow specifying the same namespace for SecretStores

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Fix unit tests

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

---------

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-07-03 20:56:55 -03:00
Andrew Gunnerson
2053df7b7c
fix(vault): Treat tokens expiring in <60s as expired (#3637)
* fix(vault): Treat tokens expiring in <60s as expired

Without this, it's possible to hit a TOCTOU issue where checkToken()
sees a valid token, but it expires before the actual operation is
performed. This condition is only reachable when the experimental
caching feature is enabled.

60 seconds was chosen as a sane (but arbitrary) value. It should be more
than enough to cover the amount of time between checkToken() and the
actual operation.

Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>

* ADOPTERS.md: Add Elastic

Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>

---------

Signed-off-by: Andrew Gunnerson <andrew.gunnerson@elastic.co>
2024-07-03 20:56:38 -03:00