1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Commit graph

89 commits

Author SHA1 Message Date
Mike Tougeron
7f71b4717a
Update docs for namespaceSelectors usage and namespaceSelector deprecation (#3695)
Signed-off-by: Mike Tougeron <tougeron@adobe.com>
2024-07-21 16:37:48 -03:00
abhinav1708
bdd0c7ec9a
support for adding headers in vault provider (#3677)
* support for vault headers

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* changes in crds bases for headers support

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* adding autogenerated files

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* removing extra---

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* adding headers before x-vault-Inconsistent

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

* changing for lint pass

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>

---------

Signed-off-by: Abhinav Garg 10033523 <abhinav1708@gmail.com>
2024-07-15 11:27:06 +02:00
Bill Hamilton
1876ff88d7
Add support for Delinea Secret Server (#3468)
* implements secretserver

Signed-off-by: Bill Hamilton <bill.hamilton@delinea.com>

* bump to align e2e

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* bump

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

---------

Signed-off-by: Bill Hamilton <bill.hamilton@delinea.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-07-10 14:32:17 -03:00
kaedwen
48cccaeded
add AuthRef to kubernetes provider fixes #3627 (#3628)
* add AuthRef to kubernetes provider fixes #3627

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

* run make reviewable

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

* fix validation for given authRef

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

* refactor kubernetes provider auth

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

* satisfy linter

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

* add URL for kubernetes provider tests

Signed-off-by: kaedwen <kaedwen@heinrich.blue>

---------

Signed-off-by: kaedwen <kaedwen@heinrich.blue>
2024-07-01 23:31:10 +02:00
Gergely Brautigam
095537e6ad
feat: add bitwarden secret manager support (#3603) 2024-06-28 06:04:25 +02:00
Nathan Ellenfield
907e8ebc82
Fix ACR External Secret example (#3626)
* Fix ACR External Secret example

Signed-off-by: Nathan Ellenfield <nathan.ellenfield@allscripts.com>

* Fix typos in acr generator docs

Signed-off-by: Nathan Ellenfield <nathan.ellenfield@allscripts.com>

---------

Signed-off-by: Nathan Ellenfield <nathan.ellenfield@allscripts.com>
2024-06-26 19:50:24 +02:00
Geoffrey MUSELLI
f74e08546c
Support glob for namespaces condition in ClusterSecretStore (#2920)
* feat(ClusterSecretStore): Support glob for conditions.namespaces

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* feat(ClusterSecretStore): Fix diff

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* feat(ClusterSecretStore): Fix code smell

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* feat(ClusterSecretStore): First code review

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* feat(ClusterSecretStore): Second code review

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* feat(ClusterSecretStore): Generate

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* feat(ClusterSecretStore): Fix Sonar method complexity

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>

* addressed comments

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* renamed namedspacesregexes because it sounded funny

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: gmuselli <geoffrey.muselli@gmail.com>
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-06-17 08:36:05 +02:00
smcavallo
d29c001d37
Add device42 provider (#3571) 2024-06-14 06:04:19 +02:00
Akhil Mohan
ace1ff595f
Infisical provider (#3477)
* feat: added crds for infisical provider

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: implemented infisical provider logic

Signed-off-by: = <akhilmhdh@gmail.com>

* fix: resolved broken doc building due to vault doc error

Signed-off-by: = <akhilmhdh@gmail.com>

* docs: added doc for infisical provider

Signed-off-by: = <akhilmhdh@gmail.com>

* docs: fixed a warning in mkdocs on link

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: resolved all lint issues

Signed-off-by: = <akhilmhdh@gmail.com>

* doc: removed k8s auth release banner from infisical doc

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: added support for property to infisical provider

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: removed auth type and made implicit ordering of authentication based on feedback

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: support for referent authentication

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: added error for tag not supported in find

Signed-off-by: = <akhilmhdh@gmail.com>

* fix: resolved failing build

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: updated doc and added stability matrix for infisical

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: switched to less error prone use and revoke token strategy and added validate interface logic

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: code lint issue fixes

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: resolved review comments for infisical client

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: improved test cases and resolved sonar issues

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: resolved sonar suggestions

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: resolved sonar suggestions for test const ids

Signed-off-by: = <akhilmhdh@gmail.com>

* feat: store changes to assertError

Signed-off-by: = <akhilmhdh@gmail.com>

---------

Signed-off-by: = <akhilmhdh@gmail.com>
2024-06-11 22:27:31 +02:00
AvivGuiser
c365cb4956
add log.level and log.encoding to all components (#3558)
* add log.level and log.encoding to all components

Signed-off-by: Aviv Guiser <avivguiser@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2024-06-08 15:37:01 +02:00
Gergely Brautigam
94c9a33a11
feat: add location to GCP push secret (#3502)
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-06-07 09:46:29 +02:00
Luis Schweigard
0abb3e9cc4
Add support for Authentication against Azure Key Vault using Client Certificate (#3469)
* Implementation of Certificate Based Authz against Azure Key Vault

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>

* Add tests for new Azure certificate auth functionality

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>

* Add documentation for Azure Cert based Auth

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>

* Generate spec.md

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>

* Add changes from code review

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>

* Fix naming in test error case

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>

---------

Signed-off-by: Luis Schweigard <luis.schweigard@gmail.com>
2024-05-13 08:40:50 -03:00
Michael Serchenia
34444280bb
GitHub token gen doc (#3463)
* added tempalte example for github token gen + doc

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* added tempalte example for github token gen + doc

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

* build doc success, added github with template example

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>

---------

Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
2024-05-10 05:00:57 -03:00
Shuhei Kitagawa
9d17e34942
Refactor the SecretStore client manager (#3419)
* Refactor the SecretStore client manager

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Fix ineffectual assignment to err

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Update docs

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

---------

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-04-29 05:15:21 -03:00
Mykhailo Zahlada
47cc50a9ed
Workloadidentity clientid from secret ref (#3367)
* updates documentation: extends workloadIdentity auth configuration

Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>

* adds and updates tests

Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>

* extends provider configuration to accept clientId and tenantId as auth SecretRef

Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>

* updates service account example

Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>

* updates docs

Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>

---------

Signed-off-by: Mykhailo Zahlada <myzahlad@microsoft.com>
Co-authored-by: Mykhailo Zahlada <myzahlad@microsoft.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-04-18 05:09:53 -03:00
Thorben Below
432c6bf9ab
Feat: Add Passbolt Provider (#3334)
* add passbolt provider

Signed-off-by: Thorben Below <56894536+thorbenbelow@users.noreply.github.com>

* Fix: return err for unimplemented methods

Signed-off-by: Thorben Below <56894536+thorbenbelow@users.noreply.github.com>

---------

Signed-off-by: Thorben Below <56894536+thorbenbelow@users.noreply.github.com>
2024-04-18 09:58:25 +02:00
Shuhei Kitagawa
120fedf841
Add NamespaceSelectors field to ClusterExternalSecret (#3268)
https://github.com/external-secrets/external-secrets/issues/3257

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2024-04-05 08:35:08 +09:00
Blair Drummond
731c0ed736
feat: add vault auth namespace option (#3157)
* feat: add vault auth namespace option

Signed-off-by: Blair Drummond <blaird@liatrio.com>

* fix: appease the linter

Signed-off-by: Blair Drummond <blaird@liatrio.com>

* feat: add tests for auth namespace

Signed-off-by: Blair Drummond <blaird@liatrio.com>

* fix: add make reviewable output

Signed-off-by: Blair Drummond <blaird@liatrio.com>

---------

Signed-off-by: Blair Drummond <blaird@liatrio.com>
2024-03-27 07:23:34 +01:00
Sulfixx
e57e4b72ca
Integrate Passworddepot (#2799)
* PLAT-1179 | updated to beta1

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Updating External Secrets fixes

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Fix to Passworddepots-crds-generation

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | apiextensionsv1 removal

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* Update apis/externalsecrets/v1beta1/secretstore_passworddeport_types.go

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>

* Update apis/externalsecrets/v1beta1/secretstore_passworddeport_types.go

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>

* Update apis/externalsecrets/v1beta1/secretstore_types.go

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>

* PLAT-1179 | Removed insecureverify and other fixes

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Fixed Linter and Sonar Issues

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Fixed Typo in Passworddepot_api.go

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Resolved go.mod Conflict

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Resolved go.mod conflict typo

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | admission.Warnings error fix

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Added nolint:bodyclose // linters bug

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Removed <= Head arrow from mkdocs.yml

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Added Make Check-Diff Changes

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Changed Error Package, Added Context, API Refactor

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Added const DoRequestError to reduce Codesmell

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Moved defer body close func into ReadAndUnmarshal

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Moved Status Check into ReadAndUnmarshal

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Removed Response.body from ReadAndUnmarshal

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* Update apis/externalsecrets/v1alpha1/secretstore_passworddepot_types.go

Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>

* PLAT-1179 | Go mod tidy and Make generate

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Added empty SecretExists Method

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

* PLAT-1179 | Renamed unsed ctx to _

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>

---------

Signed-off-by: Simon Becker <simon.becker@fastleansmart.com>
Signed-off-by: Sulfixx <135371229+Sulfixx@users.noreply.github.com>
Co-authored-by: Sören Rohweder <soeren.rohweder@fastleansmart.com>
Co-authored-by: Simon Becker <simon.becker@fastleansmart.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-03-12 13:33:08 +01:00
Shlomo Zalman Heigh
1d3209da59
Conjur E2E Tests for K8s JWT Authentication (#3217)
Signed-off-by: Shlomo Heigh <shlomo.heigh@cyberark.com>
2024-03-01 17:36:19 +01:00
Gergely Brautigam
02f941b0a0
Revert "3012 - Probes for external-secrets (#3131)" (#3213)
This reverts commit 7eebfa027c.

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2024-03-01 13:22:35 +01:00
Benjamin Walterscheid
7eebfa027c
3012 - Probes for external-secrets (#3131)
* issue/3012 - introduced livenessProbe for core controller

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - updated livenessprobe for core controller

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - updated failing tests for controller_test.yaml

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - liveness probes with missing LivenessEndpointName and liveAddr flag

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - added missing live-addr core controller flag

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - removed obsolete align

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - added missing livenessProbe to README

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - updated docu for livenessProbes

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/3012 - corrected description within values.yaml for check-diff

Signed-off-by: Benjamin Walterscheid <git@berlking.io>

* issue/3012 - minor README corrections

Signed-off-by: Benjamin Walterscheid <git@berlking.io>

* issue/3012 - updated snapshots for fortanix and onboardbase

Signed-off-by: Benjamin Walterscheid <git@berlking.io>

---------

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
Signed-off-by: Benjamin Walterscheid <52604859+fdberlking@users.noreply.github.com>
Signed-off-by: Benjamin Walterscheid <git@berlking.io>
Co-authored-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
2024-03-01 08:57:45 +01:00
Aleem Isiaka
52f6655345
Onboardbase (#2697)
* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Run decrypt with error

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Commit and Save

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Pull secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Integrate Onboardbase Into ESO

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Minor Fix And Cleanups

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Attend to review comments

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Install deps

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Improved docs

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Improved docs

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Update hack/crd.generate.sh

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Aleem Isiaka <30846935+limistah@users.noreply.github.com>

* address issues with running the code

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* decrypt library into code

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* add docs to onboardbase provider

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* refactor duplicates

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Address Issues with tests

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Address issues with delete policy and json secrets

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Fix lint errors

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* error out when there is tags in the find field

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* execute delete request with the right data

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* ignore deletion policy

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* improve lint errors

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* remove cryptojs decrypt libs

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* Get secret value if property is set

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* run obb operator

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* 👌 IMPROVE: supports request deadline, esv1beta1 api updates

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* use same timeout

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* fix sonar cloud issues

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* fix sonar cloud issues

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* fix sonar cloud issues

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* fix failing test

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* add improve docs

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

* add improve docs

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>

---------

Signed-off-by: Aleem Isiaka <aleemisiaka@gmail.com>
Signed-off-by: Nasirudeen Olohundare <iamnasirudeen@gmail.com>
Signed-off-by: Aleem Isiaka <30846935+limistah@users.noreply.github.com>
Co-authored-by: Nasirudeen Olohundare <iamnasirudeen@gmail.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2024-02-29 21:28:17 +01:00
David Recuenco
af38fc68d5
ADD sdkms base implementation (#3180)
* ADD sdkms base implementation

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* FIX get secret object by name, unmarshalling error formatting

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* ADD suport for fortanix secret security objects

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* ADD more tests for opaque, secret, new client

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* FIX changes required by make reviewable

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* ADD missing provider registration

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

* FIX remove unused error string, add generated assets

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>

---------

Signed-off-by: Recuenco, David <david.recuenco@adidas-group.com>
2024-02-28 10:59:47 +01:00
Gustavo Fernandes de Carvalho
1cf8f68276
Implements Webhook Generator (#3121)
* adding webhook generators

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* bumping bundle

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* linting

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* fixing copy-paste error

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* common webhook functions

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* removing duplicates. Adding tests for generator

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* docs

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

---------

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2024-02-17 06:49:31 -03:00
Engin Diri
dc9b5b7207
feat: add support for Pulumi ESC (#2997)
Signed-off-by: Engin Diri <engin.diri@ediri.de>
2024-02-14 19:56:06 +01:00
Sourav Patnaik
a012f4829c
Implementation of Chef External Secrets Provider (#3127)
* Adding the details for chef provider secret store.

Issue: https://github.com/external-secrets/external-secrets/issues/2905

This commit intends to add the chef provider structure to the existing list of external-secrets providers.
It defines the structure of the SecretStore and ClusterSecretStore for chef Provider.
The yaml resource will contain 3 important parts to identify and connect to chef server to reconcile secrets. They are:
1. serverurl: This is the URL to the chef server.
2. username: The username to connect to the chef server.
3. auth: The password to connect to the chef server. It is a reference to an already existing kubernetes secret containing the password.

This commit also contains the auto generated CRDs using the `make generate` command.

Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>

* Implementation for Chef ESO provided

Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>

* - implemented Chef eso, added required methods
- added unit test cases
- added sample documentation
Issue: https://github.com/external-secrets/external-secrets/issues/2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>

* Added Documentation for Authentication

Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>

* added documentation for Chef eso
Issue: https://github.com/external-secrets/external-secrets/issues/2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>

* Updated chef ESO documentation

Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>

* updated ValidateStore method signature
Issue: https://github.com/external-secrets/external-secrets/issues/2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>

* made changes in chef provider to satisfy 'make docs'

Issue: https://github.com/external-secrets/external-secrets/issues/2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>

* - updated code as per review comment, make reviewable suggestions
Issue: https://github.com/external-secrets/external-secrets/issues/2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>

* modified chef provider code as per review comment

Issue: https://github.com/external-secrets/external-secrets/issues/2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>

---------

Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
Co-authored-by: Subroto Roy <subrotoroy007@gmail.com>
Co-authored-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
2024-02-14 09:54:08 +01:00
Moritz Johner
26f9c3f1f4
chore: refactor/centralise secretKeyRef usage (#3022)
* chore: refactor/centralise secretKeyRef usage

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2024-01-21 08:19:57 +01:00
Rodrigo Fior Kuntzer
31cecaa62b
feat: add support for Hashicorp Vault mTLS (#3018)
* feat: adding support for mTLS to the Vault provider

Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2024-01-19 00:43:28 +01:00
Moritz Johner
00249f1d43
Create OSSF scorecard job (#3032)
* Create scorecard.yml

Adds a scorecard workflow to regularly check the repo.
See docs: https://github.com/marketplace/actions/ossf-scorecard-action#scorecard-badge

Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
2024-01-18 21:03:07 +01:00
Zadkiel Aharonian
551706c494
docs: update controller reconcile error rule (#3021)
Signed-off-by: Zadkiel Aharonian <zadkiel.aharonian@gmail.com>
2024-01-12 19:54:52 +01:00
Gergely Brautigam
d6e24a82bd
feat: add templating to PushSecret (#2926)
* feat: add templating to PushSecret

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* adding unit tests around templating basic concepts and verifying output

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* extracting some of the common functions of the parser

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* remove some more duplication

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* removed commented out code segment

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* added documentation for templating feature

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* simplified the templating for annotations and labels

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2023-12-22 21:45:34 +01:00
Kiyofumi Sano
2f043ecaed
Signed-off-by: Kiyo510 <miraishida00510@gmail.com> (#2919)
typo: ref:#2917 Fix typo in ExtermalSecretRewriteTransform
2023-12-02 14:53:11 +01:00
Victor Santos
3599384660
feat(fake): deprecate ValueMap to use Value instead (#2884) 2023-12-02 06:57:48 +09:00
Moritz Johner
2b2661ebc2
fix: use service management endpoint for ACR when using WI (#2913)
The `scope` parameter used to be the ACR url foobar.azurecr.io, but
this stopped working. Turns out that you need to use the management
endpoint as `scope` in order to authenticate with ACR.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-11-30 00:02:28 +01:00
Yonatan Koren
d42e19dc70
feat: AWS SecretsManager Config (allow ForceDeleteWithoutRecovery for PushSecret) (#2854)
* Add secretsmanager config.

Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>

* Fix unit tests.

Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>

* Update docs, fix validation, tests.

Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>

* Fix grammatical error in attribute descriptions.

Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>

* Improve API docs for SecretsManager.

Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>

---------

Signed-off-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>
2023-11-14 18:44:22 -03:00
Shuhei Kitagawa
c9b3f97425
Refactor the PushSecret interface (#2859)
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2023-11-08 06:47:13 +09:00
Anders Swanson
f4a7c95b54
feat: Oracle PushSecret & find implementation (#2840)
Signed-off-by: anders-swanson <anders.swanson@oracle.com>
2023-11-03 21:42:27 +01:00
Moritz Johner
9ff86eab51
fix: remove sourceRef.generatorRef from .data[] (#2735)
fix: deprecate sourceRef.generatorRef from .data[]

A generator is supposed to be used via .dataFrom[]. Usage in .data[]
is not implemented and doesn't make sense, see #2720.

This commit splits the SourceRef into two types:
- one that only defines a secretStoreRef
- one that allows to define either secretStoreRef or generatorRef

The former is used in .data[] and the latter is used in .dataFrom[].

The Deprecated field is going to be removed with v1.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-11-02 14:37:59 +01:00
Anders Swanson
8dd934ceed
feat: Oracle provider service account masquerade (#2817)
* feat: Oracle provider service account masquerade

Signed-off-by: anders-swanson <anders.swanson@oracle.com>
2023-11-02 08:34:18 +01:00
Shuhei Kitagawa
ff0ef2e6d9
Add validations for the enum values (#2819)
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2023-10-30 13:30:04 +01:00
Gergely Brautigam
7fbae000d6
feat: add namespace list selector to ClusterExternalSecrets (#2803)
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
2023-10-25 13:58:05 +02:00
Sonny Alves Dias
0a0fd050c0
add directive to apply template on secret names (#2802)
Signed-off-by: Sonny Alves Dias <sonny.dias@superevilmegacorp.com>
2023-10-25 13:45:38 +02:00
Anders Swanson
b1bad77eb3
Oracle: Workload Identity authentication (#2781)
* Oracle: Workload Identity authentication

Signed-off-by: anders-swanson <anders.swanson@oracle.com>

* Merge main

Signed-off-by: anders-swanson <anders.swanson@oracle.com>

* Cleanup go.mod

Signed-off-by: anders-swanson <anders.swanson@oracle.com>

* Lint

Signed-off-by: anders-swanson <anders.swanson@oracle.com>

* Use mutex for environment variables

Signed-off-by: anders-swanson <anders.swanson@oracle.com>

---------

Signed-off-by: anders-swanson <anders.swanson@oracle.com>
Signed-off-by: Anders Swanson <91502735+anders-swanson@users.noreply.github.com>
2023-10-24 21:48:25 +02:00
Sebastián Gómez
f5a4107b3f
Updated docum of PushSecret (#2391)
* Updated docum of PushSecret

Closes #2242

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

* Updated image and completed diagram file

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>

---------

Signed-off-by: Sebastián Gómez <sebastiangomezcorrea@gmail.com>
2023-10-11 21:20:50 +02:00
Kieran Bristow
d9eaeb40dc
Conjur JWT support (#2591)
* Add JWT Auth to Conjur Provider

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* Update docs for Cyberark Conjur Provider

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* Update test suite to cover new functionality

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* Run make reviewable

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* Set MinVersion for tls.Config to satisfy linting

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* Move ca bundle config example to a yaml snippet

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* fix: consolidate naming

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: consolidate naming

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* docs: make it a working example

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Remove JWT expiration handling logic

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

* Run make fmt

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>

---------

Signed-off-by: Kieran Bristow <kieran.bristow@absa.africa>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-09-25 10:05:17 +02:00
Shuhei Kitagawa
005fb4d123
Report not ready when no namespace matches (#2582)
* Report not ready when no namespace matches

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Fix flaky a test

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Simplify ClusterExternalSecret status

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

---------

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2023-08-28 12:03:57 +02:00
Shuhei Kitagawa
d5271d0dab
Delete old ClusterExternalSecrets when name changed (#2601)
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2023-08-25 20:44:01 +02:00
Martin Schuessler
f777a85156
added userPass authentication to the hashicorp vault provider (#2539)
Signed-off-by: Martin Schuessler <1407812+c0ffee@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
2023-08-01 14:16:19 +02:00
Michael Sauter
bdf437c2e1
Add support for Delinea DevOps Secrets Vault (#2415)
* Add support for Delinea DevOps Secrets Vault

Closes #1709.

Signed-off-by: Michael Sauter <michael.sauter@boehringer-ingelheim.com>

* fix: remove merge conflict

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Improve documentation

Signed-off-by: Michael Sauter <michael.sauter@boehringer-ingelheim.com>

---------

Signed-off-by: Michael Sauter <michael.sauter@boehringer-ingelheim.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
2023-07-06 18:01:43 +02:00