1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Commit graph

2256 commits

Author SHA1 Message Date
Moritz Johner
9c436af220
feat: add ESO threat model (#2308)
* feat: add ESO threat model

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Update docs/guides/threat-model.md

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* feat: add controls to disable CRDs C05

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2023-06-12 13:07:36 +02:00
Moritz Johner
05803f7aff
feat: add e2e tests for aws role-based auth (#2376)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-06-12 12:58:29 +02:00
dependabot[bot]
248361d4e4
chore(deps): bump golang from 1.20.4-alpine to 1.20.5-alpine (#2405)
Bumps golang from 1.20.4-alpine to 1.20.5-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 11:51:02 +02:00
Shuhei Kitagawa
7a7ab8ad29
Stop discarding golangci-lint errors (#2383)
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2023-06-09 12:51:47 +02:00
Moritz Johner
9f91829566
feat: add SLIs to dashboard (#2360)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-06-09 12:00:30 +02:00
Eric
fb944d599d
Fix exit with no error when cert violates lookahead (#2395)
Add an exit message when the certificate check triggers a fatal exit
(via cancel()). When cancel() is called, this cancels the main
context which causes the webhook to shutdown.

A return is also added to ensure the message "valid" comes out right
after "invalid" like so:

"certs are not valid at..."
"certs are valid"

Signed-off-by: Eric Stokes <fernferret@gmail.com>
2023-06-07 21:27:17 +02:00
Shuhei Kitagawa
5a6d661c9e
Fix the test Make task (#2381)
* Fix the test Make task

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* fix: retry shutdown of testEnv

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-06-06 11:25:51 +02:00
Shuhei Kitagawa
36ae1c1a5e
Add status_condition metric for ClusterExternalSecret (#2380)
* Add status_condition metric for ClusterExternalSecret

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Register ClusterExternalSecretCondition metric

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Stop setting namespace for ClusterExternalSecretStatusCondition

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

---------

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2023-06-06 09:29:30 +02:00
Shuhei Kitagawa
8a05e2f8ae
Add reconcile_duration metrics (#2382)
* Add reconcile_duration metrics

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* fix: increase dupl threshold

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-06-05 21:26:25 +02:00
eso-service-account-app[bot]
979d8beb94
chore: update dependencies (#2386)
* update dependencies

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>

* fix: downgrade one kube-openapi dep

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-06-05 19:51:13 +02:00
dependabot[bot]
77ff5f7b01
chore(deps): bump mikepenz/release-changelog-builder-action from 3 to 4 (#2384)
Bumps [mikepenz/release-changelog-builder-action](https://github.com/mikepenz/release-changelog-builder-action) from 3 to 4.
- [Release notes](https://github.com/mikepenz/release-changelog-builder-action/releases)
- [Commits](https://github.com/mikepenz/release-changelog-builder-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: mikepenz/release-changelog-builder-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-05 14:04:20 +02:00
Maxime Guillet
7083f82c30
feat: allow to set a common set of labels in the helm chart (#2379)
* feat: allow to set a common set of labels in the helm chart

Signed-off-by: Maxime Guillet <6997681+maximeguillet@users.noreply.github.com>

* fix: update helm snapshot

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Maxime Guillet <6997681+maximeguillet@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-06-02 21:47:30 +02:00
Nima Fotouhi
e7799e757a
Adding session tags & transitive tags to SecretStore definition (#2372)
* feat: added session tag capability to assume role

modified apis/externalsecrets/v1beta1/secretstore_aws_types.go to expect session tags and transitive tags structs
modified pkg/provider/aws/auth/auth.go to pass session tags if they exist

Signed-off-by: Nima Fotouhi <fotouhi@live.com>

* fix: make build errors (JSON serialization error)

modified apis/externalsecrets/v1beta1/secretstore_aws_types.go to include a new custom struct (Tag) used with SessionTags instead of []*sts.Tag
modified pkg/provider/aws/auth/auth.go to convert custom Tag struct to sts.Tag before passing to assume role API call

Signed-off-by: Nima Fotouhi <fotouhi@live.com>

* removed unnecessary commented out code

Signed-off-by: Nima Fotouhi <fotouhi@live.com>

* chore(deps): bump actions/setup-python from 4.6.0 to 4.6.1 (#2366)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.6.0...v4.6.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Nima Fotouhi <fotouhi@live.com>

* 📚 Update stability-support.md (#2363)

Staring 0.82, IBM Cloud Secrets Manager supports fetching secrets by name as well as ID.

Signed-off-by: Idan Adar <iadar@il.ibm.com>
Signed-off-by: Nima Fotouhi <fotouhi@live.com>

* feat: ran make reviewable tasks (except for docs)

Signed-off-by: Nima Fotouhi <fotouhi@live.com>

* refractor: made addition of TransitiveTagKeys to setAssumeRoleOptions dependant to presence of SessionTags. So if user includes Transitive Tags in SecretStore definition without Session Tags, tags get ignored

Signed-off-by: Nima Fotouhi <fotouhi@live.com>

---------

Signed-off-by: Nima Fotouhi <fotouhi@live.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Idan Adar <iadar@il.ibm.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Idan Adar <iadar@il.ibm.com>
2023-06-01 11:12:02 +02:00
Gustavo Fernandes de Carvalho
218dd06169
Adds PushSecret property compatibility with Hashicorp vault Provider (#2361)
* Adds PushSecret property compatibility with Hashicorp vault Provider

Increases Test Coverage for Hashicorp Vault provider
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* Fixing lint

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* Fixing test property setup

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

---------

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-05-31 04:59:09 -03:00
Moritz Johner
54664b43b1
chore: update dependencies (#2348)
* chore: update dependencies

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* chore: get rid of argo dependency to be independent of their k8s
versioning

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-31 09:36:22 +02:00
Idan Adar
8522035fde
📚 Update stability-support.md (#2363)
Staring 0.82, IBM Cloud Secrets Manager supports fetching secrets by name as well as ID.

Signed-off-by: Idan Adar <iadar@il.ibm.com>
2023-05-29 06:24:26 -03:00
dependabot[bot]
1498f457b3
chore(deps): bump actions/setup-python from 4.6.0 to 4.6.1 (#2366)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.6.0...v4.6.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-29 11:12:58 +02:00
Gustavo Fernandes de Carvalho
6b34d17963
📚 Update stability-support.md (#2358)
Signed-off-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2023-05-26 05:02:34 -03:00
Moritz Johner
5fb8758278
fix: implement parameterstore versions (#2352)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-26 01:06:10 +02:00
Luke Arntz
00d66e0bc4
Aws ssm parameterstore issue 1839 (#2350)
* update documentation

Signed-off-by: Luke Arntz <luke@blue42.net>

* default to GetParametersByPathWithContext

Add GetParametersByPathWithContext. To maintain backward compatibility moved the original `findByname` function to `fallbackFindByName` and created a new `findByName` function that uses the `GetParametersByPathWithContext` API call.

In function `findByName`, if we receive an `AccessDeniedException` when calling GetParametersByPathWithContext `return pm.fallbackFindByName(ctx, ref)`.

Signed-off-by: Luke Arntz <luke@blue42.net>

* feat: notify users about ssm permission improvements

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: get parameters recursively and decrypt them

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Luke Arntz <luke@blue42.net>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-26 01:05:59 +02:00
Moritz Johner
76c7f3b5b0
chore: bump 0.8.3 (#2359)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-25 23:48:49 +02:00
Björn Kraus
d34981a228
added PHOENIX MEDIA to the list of adopters (#2357)
Signed-off-by: Björn Kraus <bjoern.kraus@phoenix-media.eu>
2023-05-25 19:34:40 +02:00
sdischer-sap
1551741c4f
fix(kubernetes):change capabilities to readwrite (#2354)
Signed-off-by: sdischer-sap <129972012+sdischer-sap@users.noreply.github.com>
2023-05-25 13:40:32 +02:00
Enrique González
2f8719ad41
docs: add push secret reconciler to core controller flags (#2355)
Signed-off-by: Enrique Gonzalez <goga.enrique@gmail.com>
2023-05-25 13:13:12 +02:00
Shuhei Kitagawa
9182858895
Use closures for ExternalSecretController metrics (#2345)
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2023-05-24 21:31:35 +02:00
Moritz Johner
cd91168322
fix: generate manifests with the correct version (#2341)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-22 21:56:25 +00:00
Shuhei Kitagawa
d879f37d9e
Add reconcile duration metric for ClusterExternalSecret controller (#2334)
* Add reconcile duration metric for ClusterExternalSecret controller

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* chore: fmt imports

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-22 22:43:23 +02:00
dependabot[bot]
21ca3c2dc0
chore(deps): bump helm/kind-action from 1.5.0 to 1.7.0 (#2336)
Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.5.0 to 1.7.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](https://github.com/helm/kind-action/compare/v1.5.0...v1.7.0)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-22 19:18:48 +02:00
Moritz Johner
0a0d461f84
chore: bump release docs (#2340)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-22 14:40:05 +02:00
Moritz Johner
c2f0e875dc
feat: release 0.8.2 helm chart (#2337)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-22 12:42:28 +02:00
Moritz Johner
593eb13999
feat: allow to get auth data from vault response (#2325)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-22 10:00:41 +02:00
Shanti G
00bc81c8c7
IBM Provider: enable ESO to pull secrets by name (#2326)
* IBM Provider: enable ESO to pull secrets by name

Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>

* document ESO's capability to pull by secret name for IBM provider

Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>

* correct the metrics instrumentation

Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>

---------

Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
2023-05-18 21:02:40 +02:00
sdischer-sap
8034079e1d
Feature/pushsecret kubernetes (#2322)
* Add API changes for push secret to k8s

- Property field similar to ExternalSecret

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* rebase: merge commits

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* New Test cases for existing PushSecret Logic

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* feat: replace property if it exists, but differs

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* feat: restrict usage to having a property always

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* chore: refactor delete to work with property only and cleanup whole secret only if it would be empty otherwise

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* feat: refuse to work without property in spec

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* chore: cleanup code, make it more readable

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* feat: add metric calls for kubernetes

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* chore: reorder test cases

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* feat: make property optional to not break compatibility

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* fix: adapt fake impls to include new method to fix tests

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* feat: change status-ref to include property to allow multi property deletes

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* chore: fix make reviewable complains

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* fix: fix imports from merge conflict

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* chore: adapt latest make reviewable suggestions

Signed-off-by: Stephan Discher <stephan.discher@sap.com>

* docs: update push secret support for k8s provider

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* docs: add Kubernetes PushSecret docs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Stephan Discher <stephan.discher@sap.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-18 00:15:18 +02:00
Dylan Shepard
fdfa73dc61
hashicorp-vault pushsecret doc update (#2329)
Signed-off-by: Dylan Shepard <dylan@shepard.dev>
2023-05-17 22:55:44 +02:00
Scott Andrews
2174a67575
Make ExternalSecret a provisioned service (#2263)
The Service Binding for Kubernetes project (servicebinding.io) is a spec
to make it easier for workloads to consume services. At runtime, the
ServiceBinding resource references a service resources and workload
resource to connect to the service. The Secret for a service is
projected into a workload resource at a well known path.

Services can advertise the name of the Secret representing the service
on it's status at `.status.binding.name`. Hosting the name of a Secret
at this location is the Provisioned Service duck type. It has the effect
of decoupling the logical consumption of a service from the physical
Secret holding state.

Using ServiceBindings with ExternalSecrets today requires the user to
directly know and reference the Secret created by the ExternalSecret as
the service reference. This PR adds the name of the Secret to the status
of the ExternalSecret at a well known location where it is be discovered
by a ServiceBinding. With this change, user can reference an
ExternalSecret from a ServiceBinding.

A ClusterRole is also added with a well known label for the
ServiceBinding controller to have permission to watch ExternalSecrets
and read the binding Secret.

ClusterExternalSecret was not modified as ServiceBindings are limited to
the scope of a single namespace.

Signed-off-by: Scott Andrews <andrewssc@vmware.com>
2023-05-16 22:06:55 +02:00
Saumya Shovan Roy (Deep)
08bb2291fe
feat: add controller class on VaultDynamicSecret resources (#2287)
* feat: add generator for vaultdynamicsecret

* Added controllerClass on VaultDynamicSecret

* Added controllerClass on VaultDynamicSecret

Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>

* Fixed lint

Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>

* Fixed hack bash

Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>

* feat: Implemented generator controller class support

- Controller class support in VaultDynamicSecret
- Controller class support in Fake

Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>

* feat: Implemented Generator controller class check

Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>

* feat: Implemented Generator controller class check

Signed-off-by: rdeepc <dpr0413@gmail.com>

* feat: Implemented Generator controller class check

Signed-off-by: rdeepc <dpr0413@gmail.com>

* feat: hoist controller class check to the top

The generator controller class check should be at the very top of the
reconcile function just like the other secretStore class check.

Otherwise we would return an error and as a result set the status field on the es
resource - which is undesirable. The controller should completely
ignore the resource instead.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: rdeepc <12953177+rdeepc@users.noreply.github.com>
Signed-off-by: rdeepc <dpr0413@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Frederic Mereu <frederic.mereu@gaming1.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-16 08:59:26 +02:00
Moritz Johner
bbddc6f902
fix: nil check parameters (#2321)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-16 08:17:01 +02:00
Shuhei Kitagawa
5ef0a44957
Add missing util unit tests (#2313)
Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
2023-05-15 17:25:13 +02:00
Yuri Sa
b389570c81
Creating constants file (#2291)
* Creating constants file

Signed-off-by: Yuri Sa <yurimsa@gmail.com>

* Fixing lints

Signed-off-by: Yuri Sa <yurimsa@gmail.com>

---------

Signed-off-by: Yuri Sa <yurimsa@gmail.com>
2023-05-15 17:22:18 +02:00
Maikel
6128e1d045
fix: use correct casing in docs for GitLab provider (#2303)
* fix: use correct casing in docs for GitLab provider

Signed-off-by: Maikel Vlasman <git@maikelvlasman.com>

* chore: update helm tests

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Maikel Vlasman <git@maikelvlasman.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Maikel Vlasman <git@maikelvlasman.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-15 14:12:24 +02:00
Moritz Johner
06cc4bfc39
chore: bump dependencies (#2314) 2023-05-15 11:11:10 +02:00
Moritz Johner
e2bc666a74
feat: LTS release process (#2155)
* feat: auto-update dependencies

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* docs: add release docs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: remove note about image tag

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: add variables to allow build from release branch

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* Update design/006-LTS-release.md

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* Update design/006-LTS-release.md

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* Update design/006-LTS-release.md

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* Update design/006-LTS-release.md

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>

* fix: github ref regex match release branch

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: migrate to new issue template format

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2023-05-15 09:06:15 +02:00
Shanti G
405c12c314
update ibm secrets manager provider version to v2 (#2254)
* update ibm secrets manager version to v2

Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>

* update go.mod to point to v2.0.0

Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>

---------

Signed-off-by: tanishg6@gmail.com <tanishg6@gmail.com>
Signed-off-by: Shanti G <81566195+Shanti-G@users.noreply.github.com>
2023-05-14 09:18:56 +02:00
Gustavo Fernandes de Carvalho
ddfe51d715
🐛 bumping helm test snapshots (#2311)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-05-13 06:40:26 -03:00
Brian Dean Richardson
9be0f87794
allow vault roleId to come from k8s Secret (continued) (#2284)
* allow vault roleId to come from k8s Secret

Signed-off-by: intrand <intrand@users.noreply.github.com>

* mark RoleID as optional in kubebuilder

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: intrand <intrand@users.noreply.github.com>

* mark RoleRef as optional in kubebuilder

Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
Signed-off-by: intrand <intrand@users.noreply.github.com>

* validate RoleRef through webhook

Signed-off-by: intrand <intrand@users.noreply.github.com>

* chore: make fmt/reviewable vault roleId addition

Signed-off-by: Brian Richardson <brianthemathguy@gmail.com>

---------

Signed-off-by: intrand <intrand@users.noreply.github.com>
Signed-off-by: Brian Richardson <brianthemathguy@gmail.com>
Co-authored-by: intrand <intrand@users.noreply.github.com>
Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>
2023-05-12 07:56:26 -03:00
Gustavo Fernandes de Carvalho
1cf7c3a6e3
🧹 Bumping GolangciLint version and fixing lint issues (#2304)
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2023-05-12 05:11:33 -03:00
dependabot[bot]
c886568c27
chore(deps): bump golang from 1.20.3-alpine to 1.20.4-alpine (#2295)
Bumps golang from 1.20.3-alpine to 1.20.4-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-11 22:55:18 +02:00
Gaurav Dasson
7b8fef2c18
Enabling Vault IAM auth (#2208)
* Enabling Vault IAM auth

Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com>

* Adding spec

Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com>

* Adding test cases and decoupling vault provider from aws for iam auth

Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com>

* Fixing comments

Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com>

* Fixing linter issues

Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com>

* Fixing the check-diff errors

Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com>

* Adding support for assumeRole operations when using static creds

Signed-off-by: Gaurav Dasson <gdasson@Gauravs-Mac-mini.local>

* Bumping the dependencies to fix the go.mod/go.sum conflicts

Signed-off-by: Gaurav Dasson <gdasson@Gauravs-Mac-mini.local>

* Bumping up e2e go mod files

Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com>

---------

Signed-off-by: Gaurav Dasson <gaurav.dasson@gmail.com>
2023-05-11 06:10:07 -03:00
Moritz Johner
f6475d63b0
feat: add security best practices doc, restructure guides section (#2290)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-11 08:21:30 +02:00
Miworfi
ddb384cfe5
chore: new adopter (#2293)
PITS Global Data Recovery Services

Signed-off-by: Miworfi <87698848+miworfi@users.noreply.github.com>
2023-05-04 21:51:11 +02:00