* fix: permissions on steps is not a thing
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* add comment in the values about the conversion
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* chore: bump helm-chart version v0.10.6
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* updated the release doc
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* fix: do not import gpg key from forked repo
The key does not exist there and is not needed.
The import-gpg and run-chart-releaser step should only run
on main.
Otherwise it fails due to missing GPG key and invalid permissions on
github token.
It should add a bunch of app.kubernetes.io labels
Signed-off-by: Miguel Sacristán Izcue <miguel_tete17@hotmail.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* feat: add AWS STS Session token generator
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* version update for the generated CRD
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
This removes the need for an intermediary Kind=ExternalSecret and
Kind=Secret when using a generator.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* Make CRD categories useful
* one category for all ES objects.
* one only for generators
* add missing controller label on CRDs
* fix UUID description (was referring to password)
Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
* missing update
Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
---------
Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
* Added Previder Vault Provider and tests
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Set go version back to 1.23
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Updates after "make reviewable"
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Fixed methods to naming convention
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Added Previder to stability support doc
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Added installation documentation and Previder logo
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Altered last test name for naming convention
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Adds Previder provider to api-docs/mkdocs.yml
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Ran make check-diff
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Updated Tiltfile to check for new default image used in helm chart
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Added optional tag to PreviderAuth struct
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Removed toolchain
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
* Updated to go 1.23.1 for CVE; Updated previder/vault-cli to 0.1.2 for CVE fix also
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
---------
Signed-off-by: Gijs Middelkamp <g.middelkamp@previder.nl>
Signed-off-by: Gijs Middelkamp <17021438+gkwmiddelkamp@users.noreply.github.com>
* testing no fork e2e run
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* adding a login step to check if it is required
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* changing the other github action instead
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* using a different approach and log in in this action instead of the callling one
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* adding an input instead
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* add bitwarden as a hard dependency
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* trying to add the whole chart to avoid dep update
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* remove bitwarden chart and build both domains for e2e tests
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* feat(generator/uuid): initial version
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* fix(generator/uuid): rename symbols in compliance with lint
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* fix(generator/uuid): rename unused vars to `_` to fix lint
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* docs(generator/uuid): initial documentation for uuid generator
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
---------
Signed-off-by: Alexander Schaber <a.schaber@cuegee.com>
* feat: add CAProvider to bitwarden
This change introduces a refactor as well since CAProvider
was used by multiple providers with diverging implementations.
The following providers were affected:
- webhook
- akeyless
- vault
- conjur
- kubernetes
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* refactored the Kubernetes provider to use create ca
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* refactor webhook, vault and kubernetes provider
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* rename CreateCACert to FetchCACertFromSource
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* addressed comments and autodecoding base64 data
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* check if the decoded value is a valid certificate
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* feat: add prefix definition to all secret keys for aws parameter store
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* added a push secret test to verify called parameter has a prefix
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---------
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
* fix: explicitly fetch status subresource due to inconsistencies
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: bump go
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: add rbac to get status
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* chore(chart): Remove unnecessary line breaks to format the list of args
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
* feat(chart): Enable partial cache for certcontroller when installCRDs=true
If CRDs are managed by a Helm chart, the addition of the label to the CRDs
required for the partial cache feature is reflected in the update.
Therefore, if installCRDs=true, the partial cache feature is automatically enabled.
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
* fix: run ct using main images
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: set helm test values
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* chore: bump CRDs in helm tests
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: Add component labels to custom resource definitions
Prerequisite for restricting the CRDs cached by Informer
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
* feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache
The certcontroller watches CRDs and Webhook configurations, and
manages CA certificates for conversion webhooks of CRDs and Webhook
configurations. Some clusters have a large number of CRDs and Webhook
configurations installed. Additionally, some CRDs have large object sizes.
Currently, the certcontroller holds all CRDs and Webhook configurations
in the Informer cache. Since this includes CRDs not managed by the
certcontroller for CA certificates, memory usage tends to be high.
This PR adds a label to the CRDs and configures the Informer cache to hold
only the CRDs and Webhook configurations restricted by the label selector.
It assumes that the CRDs have a label. Depending on how the External Secrets
Operator is managed, it may be possible to update the External Secrets
Operator without updating the CRDs, so as a precaution, it can be turned
on/off via a startup option. It is disabled by default.
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
---------
Signed-off-by: Tsubasa Nagasawa <toversus2357@gmail.com>
* add log.level and log.encoding to all components
Signed-off-by: Aviv Guiser <avivguiser@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
