* Adding the details for chef provider secret store.
Issue: https://github.com/external-secrets/external-secrets/issues/2905
This commit intends to add the chef provider structure to the existing list of external-secrets providers.
It defines the structure of the SecretStore and ClusterSecretStore for chef Provider.
The yaml resource will contain 3 important parts to identify and connect to chef server to reconcile secrets. They are:
1. serverurl: This is the URL to the chef server.
2. username: The username to connect to the chef server.
3. auth: The password to connect to the chef server. It is a reference to an already existing kubernetes secret containing the password.
This commit also contains the auto generated CRDs using the `make generate` command.
Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
* Implementation for Chef ESO provided
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
* - implemented Chef eso, added required methods
- added unit test cases
- added sample documentation
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* Added Documentation for Authentication
Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
* added documentation for Chef eso
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* Updated chef ESO documentation
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
* updated ValidateStore method signature
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* made changes in chef provider to satisfy 'make docs'
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* - updated code as per review comment, make reviewable suggestions
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
* modified chef provider code as per review comment
Issue: https://github.com/external-secrets/external-secrets/issues/2905
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
---------
Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
Co-authored-by: Subroto Roy <subrotoroy007@gmail.com>
Co-authored-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
* 2963 - removed duplicated annotations
Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
* 2963 - updated documentation to use kv secret types with v1beta1 apiVersion
Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
* 2963 - minor yaml corrections
Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
* added some example for v2 literal templating (#3007)
Signed-off-by: Robert Paschedag <robert.paschedag@sap.com>
Co-authored-by: Robert Paschedag <robert.paschedag@sap.com>
Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
---------
Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
Signed-off-by: Robert Paschedag <robert.paschedag@sap.com>
Co-authored-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
Co-authored-by: Robert Paschedag <robert.paschedag@web.de>
Co-authored-by: Robert Paschedag <robert.paschedag@sap.com>
* feat: add templating to PushSecret
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* adding unit tests around templating basic concepts and verifying output
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* extracting some of the common functions of the parser
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* remove some more duplication
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* removed commented out code segment
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added documentation for templating feature
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* simplified the templating for annotations and labels
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
The `scope` parameter used to be the ACR url foobar.azurecr.io, but
this stopped working. Turns out that you need to use the management
endpoint as `scope` in order to authenticate with ACR.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* Docs - add note clarifying how to use filterpem for future readers
Signed-off-by: arnoldrw <arnold.rw@pg.com>
* Update docs/guides/templating.md
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Ryan Arnold <51235300+arnoldrw@users.noreply.github.com>
---------
Signed-off-by: arnoldrw <arnold.rw@pg.com>
Signed-off-by: Ryan Arnold <51235300+arnoldrw@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* docs: Recommend use of Workload Identity for Azure Key Vault
Mentions AAD Pod Identity is deprecated and updates overview
of supported authentication modes for Azure Key Vault.
This removes "should use aad-pod-identity" wording, see
https://github.com/external-secrets/external-secrets/discussions/2901
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
* docs: Fix missing link to Multi-Tenancy Guide
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
* docs: Fix typos
Capitalise own names.
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
---------
Signed-off-by: Mateusz Łoskot <mateusz@loskot.net>
* feat: allow pushing the whole secret to the provider
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* add documentation about pushing a whole secret
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* disabling this feature for the rest of the providers for now
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added scenario for update with existing property
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
fix: deprecate sourceRef.generatorRef from .data[]
A generator is supposed to be used via .dataFrom[]. Usage in .data[]
is not implemented and doesn't make sense, see #2720.
This commit splits the SourceRef into two types:
- one that only defines a secretStoreRef
- one that allows to define either secretStoreRef or generatorRef
The former is used in .data[] and the latter is used in .dataFrom[].
The Deprecated field is going to be removed with v1.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Whilst implementing integration with Vaultwarden I noticed that the local vault was not being updated. I had to add "force=true" to the sync api call for it to work as expected.
Signed-off-by: Gary Hodgson <gary.s.hodgson@gmail.com>
* feat: add path support for scaleway provider
Signed-off-by: Florent Viel <fviel@scaleway.com>
* feat: update scaleway testcases for path support
Signed-off-by: Florent Viel <fviel@scaleway.com>
* docs: update scaleway doc to add path support
Signed-off-by: Florent Viel <fviel@scaleway.com>
* fix: change func signature to make linter pass
Signed-off-by: Florent Viel <fviel@scaleway.com>
---------
Signed-off-by: Florent Viel <fviel@scaleway.com>
Add namespace to secretRef.privatekey and secretRef.fingerprint in oracle provider example at full-cluster-secret-store.yaml to avoid confusion like in #2727
Signed-off-by: antoniolago <45375617+antoniolago@users.noreply.github.com>
* Add JWT Auth to Conjur Provider
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* Update docs for Cyberark Conjur Provider
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* Update test suite to cover new functionality
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* Run make reviewable
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* Set MinVersion for tls.Config to satisfy linting
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* Move ca bundle config example to a yaml snippet
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* fix: consolidate naming
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: consolidate naming
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* docs: make it a working example
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* Remove JWT expiration handling logic
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
* Run make fmt
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
---------
Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* Report not ready when no namespace matches
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Fix flaky a test
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Simplify ClusterExternalSecret status
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
---------
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
* Ensure use of BuildKit in the Docker builds
The builds rely on `TARGETOS` and `TARGETARCH` being set, which is
automatically accomplished by the new builder.
Add the explicit envvar selector in the Makefile, until most users
update to docker 23+.
Signed-off-by: Andrea Stacchiotti <andreastacchiotti@gmail.com>
* Update docker build command in developer guide
Signed-off-by: Andrea Stacchiotti <andreastacchiotti@gmail.com>
* Introduce RetrySettings support for Hashicorp Vault
Leave default retries to 0 (not the default of the vault sdk of 2),
as this was decided in abec2a64cc .
Signed-off-by: Andrea Stacchiotti <andreastacchiotti@gmail.com>
---------
Signed-off-by: Andrea Stacchiotti <andreastacchiotti@gmail.com>
* Integrate Cloak Secrets
Signed-off-by: Ian Purton <ian.purton@gmail.com>
* Fix link
Signed-off-by: Ian Purton <36966+ianpurton@users.noreply.github.com>
---------
Signed-off-by: Ian Purton <ian.purton@gmail.com>
Signed-off-by: Ian Purton <36966+ianpurton@users.noreply.github.com>
* Adding documentation for populating Kubernetes Secret with metadata from IBM Cloud Secrets Manager
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
* Rephrasing a few lines
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
---------
Signed-off-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
Co-authored-by: Vishal Singha Roy <vishal.singha.roy@ibm.com>
* chore: remove unused servicemonitor-values from helm-chart
The templates for the servicemonitors of the webhook-deployment and the
certController have been removed in
https://github.com/external-secrets/external-secrets/pull/2136. This
commit removes the corresponding values in the values.yaml which are now
obsolete.
Signed-off-by: alexanderwoehler <alexander@woehler.org>
* docs: remove references to deleted servicemonitor-values from docs
Signed-off-by: alexanderwoehler <alexander@woehler.org>
---------
Signed-off-by: alexanderwoehler <alexander@woehler.org>
* Add Conjur provider
Signed-off-by: David Hisel <David.Hisel@CyberArk.com>
* fix: lint
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: unit tests
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: David Hisel <David.Hisel@CyberArk.com>
Signed-off-by: David Hisel <132942678+davidh-cyberark@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: added session tag capability to assume role
modified apis/externalsecrets/v1beta1/secretstore_aws_types.go to expect session tags and transitive tags structs
modified pkg/provider/aws/auth/auth.go to pass session tags if they exist
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
* fix: make build errors (JSON serialization error)
modified apis/externalsecrets/v1beta1/secretstore_aws_types.go to include a new custom struct (Tag) used with SessionTags instead of []*sts.Tag
modified pkg/provider/aws/auth/auth.go to convert custom Tag struct to sts.Tag before passing to assume role API call
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
* removed unnecessary commented out code
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
* chore(deps): bump actions/setup-python from 4.6.0 to 4.6.1 (#2366)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.6.0...v4.6.1)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
* 📚 Update stability-support.md (#2363)
Staring 0.82, IBM Cloud Secrets Manager supports fetching secrets by name as well as ID.
Signed-off-by: Idan Adar <iadar@il.ibm.com>
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
* feat: ran make reviewable tasks (except for docs)
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
* refractor: made addition of TransitiveTagKeys to setAssumeRoleOptions dependant to presence of SessionTags. So if user includes Transitive Tags in SecretStore definition without Session Tags, tags get ignored
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
---------
Signed-off-by: Nima Fotouhi <fotouhi@live.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Idan Adar <iadar@il.ibm.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Idan Adar <iadar@il.ibm.com>
* update documentation
Signed-off-by: Luke Arntz <luke@blue42.net>
* default to GetParametersByPathWithContext
Add GetParametersByPathWithContext. To maintain backward compatibility moved the original `findByname` function to `fallbackFindByName` and created a new `findByName` function that uses the `GetParametersByPathWithContext` API call.
In function `findByName`, if we receive an `AccessDeniedException` when calling GetParametersByPathWithContext `return pm.fallbackFindByName(ctx, ref)`.
Signed-off-by: Luke Arntz <luke@blue42.net>
* feat: notify users about ssm permission improvements
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: get parameters recursively and decrypt them
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Luke Arntz <luke@blue42.net>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* IBM Provider: enable ESO to pull secrets by name
Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
* document ESO's capability to pull by secret name for IBM provider
Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
* correct the metrics instrumentation
Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
---------
Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
* Add API changes for push secret to k8s
- Property field similar to ExternalSecret
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* rebase: merge commits
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* New Test cases for existing PushSecret Logic
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* feat: replace property if it exists, but differs
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* feat: restrict usage to having a property always
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* chore: refactor delete to work with property only and cleanup whole secret only if it would be empty otherwise
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* feat: refuse to work without property in spec
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* chore: cleanup code, make it more readable
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* feat: add metric calls for kubernetes
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* chore: reorder test cases
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* feat: make property optional to not break compatibility
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* fix: adapt fake impls to include new method to fix tests
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* feat: change status-ref to include property to allow multi property deletes
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* chore: fix make reviewable complains
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* fix: fix imports from merge conflict
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* chore: adapt latest make reviewable suggestions
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
* docs: update push secret support for k8s provider
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* docs: add Kubernetes PushSecret docs
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Stephan Discher <stephan.discher@sap.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
The Service Binding for Kubernetes project (servicebinding.io) is a spec
to make it easier for workloads to consume services. At runtime, the
ServiceBinding resource references a service resources and workload
resource to connect to the service. The Secret for a service is
projected into a workload resource at a well known path.
Services can advertise the name of the Secret representing the service
on it's status at `.status.binding.name`. Hosting the name of a Secret
at this location is the Provisioned Service duck type. It has the effect
of decoupling the logical consumption of a service from the physical
Secret holding state.
Using ServiceBindings with ExternalSecrets today requires the user to
directly know and reference the Secret created by the ExternalSecret as
the service reference. This PR adds the name of the Secret to the status
of the ExternalSecret at a well known location where it is be discovered
by a ServiceBinding. With this change, user can reference an
ExternalSecret from a ServiceBinding.
A ClusterRole is also added with a well known label for the
ServiceBinding controller to have permission to watch ExternalSecrets
and read the binding Secret.
ClusterExternalSecret was not modified as ServiceBindings are limited to
the scope of a single namespace.
Signed-off-by: Scott Andrews <andrewssc@vmware.com>
* feat: add generator for vaultdynamicsecret
* Added controllerClass on VaultDynamicSecret
* Added controllerClass on VaultDynamicSecret
Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>
* Fixed lint
Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>
* Fixed hack bash
Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>
* feat: Implemented generator controller class support
- Controller class support in VaultDynamicSecret
- Controller class support in Fake
Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>
* feat: Implemented Generator controller class check
Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>
* feat: Implemented Generator controller class check
Signed-off-by: rdeepc <dpr0413@gmail.com>
* feat: Implemented Generator controller class check
Signed-off-by: rdeepc <dpr0413@gmail.com>
* feat: hoist controller class check to the top
The generator controller class check should be at the very top of the
reconcile function just like the other secretStore class check.
Otherwise we would return an error and as a result set the status field on the es
resource - which is undesirable. The controller should completely
ignore the resource instead.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>
Signed-off-by: rdeepc <dpr0413@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Frederic Mereu <frederic.mereu@gaming1.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* allow vault roleId to come from k8s Secret
Signed-off-by: intrand <intrand@users.noreply.github.com>
* mark RoleID as optional in kubebuilder
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: intrand <intrand@users.noreply.github.com>
* mark RoleRef as optional in kubebuilder
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: intrand <intrand@users.noreply.github.com>
* validate RoleRef through webhook
Signed-off-by: intrand <intrand@users.noreply.github.com>
* chore: make fmt/reviewable vault roleId addition
Signed-off-by: Brian Richardson <brianthemathguy@gmail.com>
---------
Signed-off-by: intrand <intrand@users.noreply.github.com>
Signed-off-by: Brian Richardson <brianthemathguy@gmail.com>
Co-authored-by: intrand <intrand@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
I also thought it could be usefull to provide an External Secret that uses the Password from the example
Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>
support alibaba oidc assume role
---------
Signed-off-by: Maxim Rubchinsky <maxim.rubchinsky@wiz.io>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Added external id field to struct. Wrote test in AWS provider to check
external ID field in IAM role. Added external id info to current log
when starting an aws session.
Signed-off-by: Cindy <choilmto@gmail.com>
* Added support for standard K8s labels in metrics
Signed-off-by: KA <110458464+kallymsft@users.noreply.github.com>
* Added feature-flag for label metrics
Signed-off-by: KA <110458464+kallymsft@users.noreply.github.com>
---------
Signed-off-by: KA <110458464+kallymsft@users.noreply.github.com>
* fix: export grafana dashboard properly
The dashboard JSON must be exported via the share UI, instead of the
JSON Model from settings.
This allows a user to select the correct datasource when importing it
via UI.
see here: https://grafana.com/docs/grafana/latest/dashboards/manage-dashboards/#exporting-a-dashboard
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* chore: bump deps
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* wip: basic structure of scaleway provider
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: add some tests for GetAllSecrets
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: implement PushSecret
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: improved test fixtures
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: allow finding secrets by project using the path property
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: add delete secret method
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* Delete dupplicate of push remote ref test implem
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: add capability to use a secret for configuring access token
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: implement GetSecretMap
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: filtering by name and projetc id
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: add test for finding secret by name regexp
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: config validation
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: handle situation where no namespace is specified and we cannot provide a default
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: reference secrets by id or name
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: invalid request caused by pagination handling
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: log the error when failing to access secret version
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: pass context to sdk where missing
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: add a cache for reducing AccessSecretVersion() calls
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* refacto: use GetSecret with name instead of ListSecrets
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: allow using secret name in ExternalSecrets
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: use latest_enabled instead of latest
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* refacto: optimized PushSecret and improved its test coverage
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: doesConfigDependOnNamespace was always true
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: use new api with refactored name-based endpoints
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* remove useless todo
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: use secret names as key for GetAllSecrets
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: support gjson propery lookup
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: e2e tests
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: e2e test using secret to store api key
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: cleanup left over resources on the secret manager before each e2e run
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* doc: add doc for scaleway provider
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* refacto: fix lint issues
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: cleanup code in e2e was commented
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: the previous version is disabled when we push to a secret
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* doc: add comments to ScalewayProvider struct to point to console and doc
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: add missing e2e env vars for scaleway
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* docs: add scaleway to support/stability table
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
I've added my recent live session about ESO from the AWS Container from the Couch YouTube channel
Signed-off-by: Emin Alemdar <77338109+eminalemdar@users.noreply.github.com>
