external-secrets

mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

Author	SHA1	Message	Date
Moritz Johner	1e04177045	fix: fix validation method in kubernetes provider (#2000 ) RBAC allows a user to define a wildcard `` for a given field in the Resource Rule. Prefix/Suffix matching or globbing is not supported, just simple wildcards. For example the cluster-admin role has a `` on all apiVersion/resource/verbs and hence validation would fail. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-02-13 09:33:38 +00:00
Moritz Johner	e72f371294	🐛 fix panic when using jwt without secretRef/saRef (#1980 ) Fixes #1957 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-02-03 18:10:56 +00:00
Pedro Parra Ortega	c2054cc1bf	✨ add-keeper-security-provider (#1768 ) * add keepersecurity provider Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * 🧹chore: bumps (#1758) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * ✨Feature/push secret (#1315) Introduces Push Secret feature with implementations for the following providers: * GCP Secret Manager * AWS Secrets Manager * AWS Parameter Store * Hashicorp Vault KV Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com> Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com> Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com> Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com> Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com> Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com> Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * Fixing release pipeline for boringssl (#1763) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * chore: bump 0.7.0-rc1 (#1765) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * added documentation Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * added pushSecret first iteration Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * added pushSecret and updated documentation Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * refactor client Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * update code and unit tests Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * fix code smells Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * fix code smells Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * fix custom fields Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> * making it reviewable Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * fix custom field on secret map Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * Update docs/snippets/keepersecurity-push-secret.yaml Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * fixed edge case, improved validation errors and updated docs Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * fix logic retrieving secrets Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * Update pkg/provider/keepersecurity/client.go Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * lint code Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * linting code Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * go linter fixed Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> * fix crds and documentation Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> --------- Signed-off-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com> Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com> Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com> Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com> Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com> Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com> Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com> Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com> Co-authored-by: Pedro Parra Ortega <pedro.parraortega@enreach.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>	2023-02-03 15:27:21 +01:00
Moritz Johner	6da8b96d4d	🐛 remove ability to call env and expandenv in webhook (#1977 ) This allows an attacker to exfiltrate environment variables. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-02-03 13:23:03 +01:00
Gustavo Fernandes de Carvalho	a1f8a8adc7	🐛 Fixing PushSecret CRD generation (#1967 ) * Fixing PushSecret CRD generation Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> * fix: increase hashicorp vault cache size to prevent eviction Also remove tiny cache size from e2e tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2023-02-02 00:30:10 +01:00
Thibault Cohen	ff88395c09	Add jsonpath filter support to webhook (#1940 ) * Add jsonpath filter support to webhook Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> * Fix tests Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>	2023-01-24 15:30:20 +01:00
Thibault Cohen	6862c9c637	✨ Support template for webhook jsonpath (#1939 ) * Support template for webhook jsonpath Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com>	2023-01-23 19:43:50 +01:00
Gareth Evans	ac9993f151	📚 use more inclusive language (#1927 ) Signed-off-by: Gareth Evans <gareth@bryncynfelin.co.uk>	2023-01-19 13:31:51 -03:00
Moritz Johner	5ef3b23a68	feat: make cache generic, refactor feature flags (#1640 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-01-19 17:25:47 +01:00
Gustavo Fernandes de Carvalho	769efdc391	✨ Feature/deletion policies (#1914 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-19 06:37:19 -03:00
Moritz Johner	736b287b6d	✨ implement azure referent auth (#1886 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-01-13 18:30:34 +00:00
Gustavo Fernandes de Carvalho	833658699d	✨ Adds Keyvault PushSecret (#1883 ) * Adds Keyvault PushSecret Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-13 07:13:37 -03:00
Moritz Johner	5384954f46	aws secretsmanager/parameterstore referent auth (#1884 ) * feat: implement referentAuth for aws Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: e2e tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * Update pkg/provider/aws/provider.go Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * Update pkg/provider/aws/provider.go Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * feat: allow each credential to be referent Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2023-01-13 10:19:25 +01:00
Hiroshi Muraoka	f4e70ddfed	🐛 GCP: prevent goroutine leak on workload identity reconciliation (#1902 ) Signed-off-by: Hiroshi Muraoka <h.muraoka714@gmail.com>	2023-01-12 09:27:01 -03:00
Moritz Johner	11c61d8581	feat: referent auth for gcp (#1887 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2023-01-10 14:40:42 +01:00
cspargo	fdc21faf61	✨ AWS Role Chaining (#1855 ) Signed-off-by: cspargo <colinspargo@gmail.com>	2023-01-08 11:49:22 -03:00
Gustavo Fernandes de Carvalho	0d08e0497e	✨ Implements Deletion policy for Hashicorp vault. (#1879 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-06 13:40:42 -03:00
Gustavo Fernandes de Carvalho	a051da82cf	🐛 Fixes vault PushSecret logic (#1866 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-06 13:17:18 -03:00
Dominik Zeiger	6c7e5cecce	🐛 gitlab: Fallback to wildcard variables and use pagination (bugfix) (#1838 ) * gitlab: fallback to wildcard variables when using "GetAllSecrets" Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2023-01-04 17:58:55 +01:00
Gustavo Fernandes de Carvalho	0bd9ea4dbd	✨ Templates from string (#1748 ) * Adds templates from string Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-03 19:02:43 -03:00
Gustavo Fernandes de Carvalho	ed173dcf77	chore: bumps (#1852 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-03 22:11:59 +01:00
Gustavo Fernandes de Carvalho	2f5fe6c594	🧹chore: bumps (#1792 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2022-12-07 14:40:51 -03:00
Moritz Johner	0bdb51a568	fix sync calls metrics & defer patch status (#1770 ) * fix: increment sync_calls_total metric once per reconciliation Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: patch status only if not skipped Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: unit tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-12-04 11:41:01 +01:00
Dominik Zeiger	8a0f711e96	gitlab: allow fallback to wildcard variable, when no environment specific value is defined (#1772 ) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-12-03 09:35:06 +01:00
Gustavo Fernandes de Carvalho	0cb799b5cf	✨Feature/push secret (#1315 ) Introduces Push Secret feature with implementations for the following providers: * GCP Secret Manager * AWS Secrets Manager * AWS Parameter Store * Hashicorp Vault KV Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com> Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com> Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com> Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com> Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com> Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>	2022-11-29 16:04:46 -03:00
Dominik Zeiger	117e93b4ed	gitlab: small documentation updates (#1747 ) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-11-24 20:50:35 +01:00
Steven Bressey	b5be79de98	Feature: Add secret metadata templating from secret values (#1740 ) * handle template data for secret labels & annotations Signed-off-by: Steven Bressey <steven.bressey@artifakt.io>	2022-11-23 22:29:59 +01:00
Dominik Zeiger	b7100e27a0	gitlab: support "environment_scope" tag for findAll (#1732 ) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>	2022-11-23 22:22:35 +01:00
Dominik Zeiger	f38f40a2b4	gitlab: support for CI/CD group variables (#1692 ) * gitlab: support for ci/cd group variables Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * gitlab: support for ci/cd group variables (automatically discover project groups) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * gitlab: support for ci/cd group variables (documentation) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-11-21 22:26:34 +01:00
Gustavo Fernandes de Carvalho	bd4495814b	🧹Bumping versions (#1708 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2022-11-09 17:44:07 -03:00
Dominik Zeiger	6ec0d2cd95	✨gitlab: getAllSecrets (#1681 ) * gitlab: getAllSecrets Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * Update pkg/provider/gitlab/gitlab.go Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Dominik Zeiger <domizei385@users.noreply.github.com> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * gitlab: added some test coverage Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <domizei385@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2022-11-01 15:09:36 -03:00
Gustavo Fernandes de Carvalho	d1fa28532d	🧹 chore: bumping versions (#1688 ) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2022-10-31 06:54:52 -03:00
Moritz Johner	dabfa5a589	Feature: initial generator implementation + Github Actions OIDC/AWS (#1539 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2022-10-29 20:15:50 +02:00
Moritz Johner	411f03ffe1	fix: allow controller to `delete` delete externalsecrets (#1670 ) When using ClusterExternalSecret the controller needs to delete external-secret resources Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-10-26 23:23:15 +02:00
Gustavo Fernandes de Carvalho	d5cc8b3de5	🐛 Implements new buildPath logic (#1636 ) Signed-off-by: Gustavo <gusfcarvalho@gmail.com>	2022-10-26 15:19:25 -03:00
Martin Schimandl	6ca30a762a	Implement oracle validator (#1592 ) * Implement oracle validator Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com> * Add more granular OCI error handling Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com> * Remove two newlines the linter does not like Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com> Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com>	2022-10-25 23:32:40 +02:00
Yannay Hammer	14f5ddf198	Added namespace condition to ClusterSecretStore (#1635 ) * Added namespace condition to ClusterSecretStore Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added the new conditions field to the docs Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added tests to ClusterSecretStore namespace conditions Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added some comments to explain tests better Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Fixed a testcase Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Increased golangci timeout to 10m Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Fixed test to use fakeProvider correctly Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Removed hardcoded timeout from make lint Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Improved error message on non matching namespace Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Modified testCase to use GenericStore interface Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Attempt at generalizing the testcase and reducing code duplication Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Reduced some diff Signed-off-by: Yannay Hammer <yannayha@gmail.com> * fix: tidy e2e mod Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Yannay Hammer <yannayha@gmail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Docs <docs@external-secrets.io> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-10-17 16:40:18 +02:00
dependabot[bot]	27d0cd72f5	chore(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0 (#1547 ) * chore(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.12.3 to 0.13.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.12.3...v0.13.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix: remove dependency on crossplane-runtime/pkg/test Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-10-13 20:24:56 +02:00
Eng Zer Jun	0c9efa67b0	test: use `T.Setenv` to set env vars in tests (#1611 ) This commit replaces `os.Setenv` with `t.Setenv` in tests. The environment variable is automatically restored to its original value when the test and all its subtests complete. Reference: https://pkg.go.dev/testing#T.Setenv Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2022-10-06 22:05:42 +02:00
Nic Eggert	773956f5d3	Add optional caching for Vault clients, including token re-use. (#1537 ) The new functionality is controlled using the newly-introduced --experimental-enable-vault-token-cache and --experimental-vault-token-cache-size command-line flags. Signed-off-by: NicEggert <nicholas.eggert@target.com>	2022-09-30 20:41:36 +02:00
Dominik Zeiger	fa38fe1e60	enable configuration of environment_scope for gitlab provider (#1565 ) * enable configuration of environment_scope for gitlab provider Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-09-27 22:08:38 +02:00
Ryan Blunden	f01e13f21b	Add Doppler provider (#1573 ) * Add Doppler provider Signed-off-by: Ryan Blunden <ryan.blunden@doppler.com>	2022-09-23 22:47:25 +02:00
Sebastián Gómez	cef547e473	fix: unmarshal JSON error when empty secrets in Vault (#1512 ) Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>	2022-09-14 22:26:10 +02:00
Rhaenys	7397243ca0	New Duration Metric (#1533 ) Signed-off-by: Cristina DE DIOS GONZALEZ <cristina.dedios@amadeus.com>	2022-09-12 19:19:45 +02:00
Moritz Johner	af367e9933	chore: refactor provider (#1529 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-09-12 14:55:46 +02:00
renanaAkeyless	ed59520674	added akeyless k8s auth option (#1531 ) * added akeyless k8s auth option Signed-off-by: Docs <renana@akeyless.io>	2022-09-11 13:25:29 +02:00
Moritz Johner	ed0ceb8d84	fix: aws parameter store json decode, bump go 1.19 (#1525 ) * fix: parameter store should decode complex json values Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-09-06 19:46:36 +02:00
Marcel Hoyer	17ece4df8f	flip order of `err` and nil `secret` variable check in `listSecrets()` function of vault provider (#1504 ) Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>	2022-08-31 14:35:42 +02:00
dependabot[bot]	67fedc840e	✨ Kubernetes v1.24 upgrade (#1345 ) * build(deps): bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.3 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.11.2 to 0.12.3. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.12.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * feat: bump kubernetes 1.24 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: backwards-compatible vault implementation Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: add audiences field to serviceAccountRef This will be used by aws, azure, gcp, kubernetes & vault providers in combination with TokenRequest API: it will _append_ audience claims to provider-specific audiences. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: refactor kubernetes client to match provider/client interfaces the kubernetes provider mixed up provider and client interfaces which made it really hard to reason about. This commit separates into two structs, each implements one interface. The client struct fields have been renamed and annotated so their use and scope is clear. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: deprecate expirationSeconds expirationSeconds is not needed because we generate a service account token on the fly for a single use. There will be no replacement for this. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: rename token fetch audiences field Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: generate CRDs Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-19 17:32:06 +02:00
Moritz Johner	2d20b5488e	feat: add azkv.environmentType (#1469 ) users of USGovCloud, ChinaCloud, GermanCloud need slightly different configuration for AADEndpoint and keyvault resource. This is based on CSI Secret Store Azure KV driver, Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-18 00:12:44 +02:00
Moritz Johner	8e245f6073	fix: remove convertKeys from aws providers (#1470 ) ConvertKeys is called in the external secrets controller which takes care of mapping the keys. Calling it before returning the data is a bug as it interferes with the new rewrite feature. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-17 15:36:02 +02:00
stephen-dexda	e64acea549	fix: AWS attr. dot check off-by-one error (#1459 ) * Fix off-by-one in check for dot in JSON attr. name Signed-off-by: stephen-dexda <stephen@dexda.io>	2022-08-15 21:44:32 +02:00
dependabot[bot]	bf21843eba	⬆️github.com/akeylesslabs/akeyless-go/v2 from 2.16.8 to 2.17.0 (#1438 ) * Bump github.com/akeylesslabs/akeyless-go/v2 from 2.16.8 to 2.17.0 Bumps [github.com/akeylesslabs/akeyless-go/v2](https://github.com/akeylesslabs/akeyless-go) from 2.16.8 to 2.17.0. - [Release notes](https://github.com/akeylesslabs/akeyless-go/releases) - [Changelog](https://github.com/akeylesslabs/akeyless-go/blob/master/docs/KmipRenewServerCertificate.md) - [Commits](https://github.com/akeylesslabs/akeyless-go/compare/v2.16.8...v2.17.0) --- updated-dependencies: - dependency-name: github.com/akeylesslabs/akeyless-go/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Fixing linting issues Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2022-08-11 14:32:04 -03:00
Kewei Ma	53443eaadf	Fix provisionedNamespaces in Status field of ClusterExternalSecret keeps getting updated non-stop (#1441 ) Signed-off-by: Kewei Ma <kewei@indeed.com>	2022-08-09 17:55:34 +02:00
Gustavo Fernandes de Carvalho	b4e7acfaa9	✨Implements dataFrom key rewrite (#1381 ) * Implements dataFrom key rewrite Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> * docs: add example to remove invalid characters Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-04 15:24:02 -03:00
Moritz Johner	6593e06561	fix: handle empty conversionStrategy (#1408 ) This is for the case when the conversion webhook does not set the conversionStrategy properly (it doesn't run the Defaulter). Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-01 19:44:09 +02:00
Mike	fdf1f9ce6f	feat: Add support for container auth to IBM provider. (#1177 )	2022-07-26 22:48:07 +02:00
david amick	524e33bbeb	🧹Improve 1Password integration and docs (#1340 )	2022-07-26 09:07:48 -03:00
Stanislaw Scherban	eb8e614755	retryer implementation to handle throttling exceptions on AWS (#1331 ) * awsretryer implemented for AWS providers	2022-07-19 20:00:46 +02:00
Gustavo Fernandes de Carvalho	fa91ba0f6c	✨ Adds DecodingStrategy to ExternalSecrets (#1294 ) Fixes #920 Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-07-12 09:18:00 -03:00
paul-the-alien[bot]	c42c48911e	Merge pull request #1283 from external-secrets/mj-fix-aws-token-aud fix: respect aud annotation at IRSA	2022-06-22 14:17:48 +00:00
paul-the-alien[bot]	240b8db4f0	Merge pull request #1244 from albertollamaso/reuse-aws-session Once the AWS session is created first time, it can be reused	2022-06-22 13:20:37 +00:00
Alberto Llamas	e31a408e1d	update	2022-06-22 07:24:26 +02:00
Moritz Johner	8f85e53f17	fix: respect aud annotation at IRSA	2022-06-21 23:33:24 +02:00
Alberto Llamas	629d2f391c	fix	2022-06-21 12:14:36 +02:00
Alberto Llamas	5ec222dfd0	update	2022-06-21 11:52:01 +02:00
Alberto Llamas	c3335907ac	Fix recommendations from go-lint	2022-06-18 13:05:47 +02:00
Alberto Llamas	ad63b74c9f	Reuse AWS session as feature gate that a user has to opt-in in order to use it	2022-06-18 10:54:47 +02:00
paul-the-alien[bot]	94024a144b	Merge pull request #1257 from external-secrets/bug-1137 Azure KeyVault decoding bugs	2022-06-15 21:20:44 +00:00
Moritz Johner	cff9be1664	feat(kubernetes): allow service account auth (#1201 ) * feat(kubernetes): allow service account auth Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-06-13 21:49:05 +02:00
Alberto Llamas	909d137a83	Removing newlines	2022-06-13 20:36:58 +02:00
Alberto Llamas	cb6f66b5ac	Fix aws session logic	2022-06-13 20:24:25 +02:00
Sebastián Gómez	9bc7eb1436	Remove codesmell	2022-06-13 11:56:38 -04:00
Sebastián Gómez	4ae98fc995	Removed code smell and simplified use of tags	2022-06-13 11:40:01 -04:00
Sebastián Gómez	65e93fa992	Code refactoring	2022-06-13 09:28:11 -04:00
Sebastián Gómez	aed1719697	Lint fixes	2022-06-13 09:27:54 -04:00
paul-the-alien[bot]	e4fbc633a1	Merge pull request #1254 from marcincuber/feat/yaml Adding toYaml fromYaml helper functions	2022-06-11 12:19:50 +00:00
marcincuber	c8f13a0e1a	fix test	2022-06-11 12:15:13 +01:00
marcincuber	a1e7862698	add tests	2022-06-11 11:15:06 +01:00
Sebastián Gómez	7714c29c87	Merge branch 'main' into bug-1137	2022-06-10 17:09:03 -04:00
Sebastián Gómez	b4dcffbf86	Fix cases with properties and json	2022-06-10 17:07:42 -04:00
Rhaenys	f005cc0346	azkv more unittest coverage (#1149 )	2022-06-10 22:09:59 +02:00
marcincuber	5fe3b2d810	lint	2022-06-10 11:09:46 +01:00
marcincuber	efc8ede754	add yaml helper functions	2022-06-10 11:04:59 +01:00
Alberto Llamas	d64941ece9	Once the AWS session is created first time, it can be reused	2022-06-07 10:25:30 +02:00
paul-the-alien[bot]	94aa568929	Merge pull request #1173 from external-secrets/dependabot/go_modules/github.com/1Password/connect-sdk-go-1.4.0 build(deps): bump github.com/1Password/connect-sdk-go from 1.2.0 to 1.4.0	2022-06-07 08:19:24 +00:00
Docs	cc1043d3a6	Update fakes to implement client for 1Password/connect-sdk-go v1.4.0	2022-06-01 16:38:41 -07:00
Gustavo Carvalho	e6f050e873	make sure we check if it is referent during NewClient Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-06-01 13:15:36 -03:00
Gustavo Carvalho	a01a23bfc1	fixing panic if using JWT with KubernetesServiceAccountToken Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-05-31 11:40:00 -03:00
Sebastián Gómez	c5909fb966	Fix the first case, nested json. Test was also added	2022-05-30 11:05:20 -04:00
Moritz Johner	8c14f8aff0	fix: loosen validation to enable referent auth. also adding tests for vault. this is the only provider that supports that as of now. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-05-23 20:10:16 +02:00
Moritz Johner	d4e9a56c21	fix: correctly convert matchExpressions to labelSelector (#1165 ) Fixes #1155 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-05-23 10:48:54 +02:00
Nitzan Nissim	97126d9798	Add support for IBM Secrets Manager's Private Certificate (#1160 ) * Use gsed on macos. Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com> * Add private_cert support * Add private_cert support Co-authored-by: Marcin Kubica <marcin.kubica@engineerbetter.com>	2022-05-21 22:53:31 +02:00
paul-the-alien[bot]	1a6579b876	Merge pull request #1062 from dreadful-dragon/feature/azkv-tags-sync azkv tag feature	2022-05-20 15:51:50 +00:00
paul-the-alien[bot]	3de2cc8bee	Merge pull request #1040 from AndreyZamyslov/yandex-certificate-manager Support for Yandex Certificate Manager	2022-05-17 16:48:58 +00:00
Cristina DE DIOS GONZÁLEZ	3256bc4b82	azkv tag feature	2022-05-16 16:49:34 +02:00
paul-the-alien[bot]	49f4bad35d	Merge pull request #1108 from hydeenoble/provider/alibaba Implemented ValidateStore function for Alibaba Provider	2022-05-13 22:21:03 +00:00
Docs	f4f2170502	"GetAllSecrets not implemented" -> "GetAllSecrets not supported"	2022-05-13 13:10:56 +03:00
Matt Demers	b004894b77	Add support for referencing secrets manager secrets by their VersionId	2022-05-11 16:30:30 -04:00
paul-the-alien[bot]	73a467479d	Merge pull request #1006 from Simspace/1Password Add 1Password support	2022-05-09 19:55:56 +00:00

1 2 3 4 5 ...

638 commits