external-secrets

mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

Author	SHA1	Message	Date
cspargo	fdc21faf61	✨ AWS Role Chaining (#1855 ) Signed-off-by: cspargo <colinspargo@gmail.com>	2023-01-08 11:49:22 -03:00
Gustavo Fernandes de Carvalho	0bd9ea4dbd	✨ Templates from string (#1748 ) * Adds templates from string Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>	2023-01-03 19:02:43 -03:00
Gustavo Fernandes de Carvalho	0cb799b5cf	✨Feature/push secret (#1315 ) Introduces Push Secret feature with implementations for the following providers: * GCP Secret Manager * AWS Secrets Manager * AWS Parameter Store * Hashicorp Vault KV Signed-off-by: Dominic Meddick <dominic.meddick@engineerbetter.com> Signed-off-by: Amr Fawzy <amr.fawzy@container-solutions.com> Signed-off-by: William Young <will.young@engineerbetter.com> Signed-off-by: James Cleveland <james.cleveland@engineerbetter.com> Signed-off-by: Lilly Daniell <lilly.daniell@engineerbetter.com> Signed-off-by: Adrienne Galloway <adrienne.galloway@engineerbetter.com> Signed-off-by: Marcus Dantas <marcus.dantas@engineerbetter.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Nick Ruffles <nick.ruffles@engineerbetter.com>	2022-11-29 16:04:46 -03:00
Dominik Zeiger	f38f40a2b4	gitlab: support for CI/CD group variables (#1692 ) * gitlab: support for ci/cd group variables Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * gitlab: support for ci/cd group variables (automatically discover project groups) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> * gitlab: support for ci/cd group variables (documentation) Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-11-21 22:26:34 +01:00
Moritz Johner	dabfa5a589	Feature: initial generator implementation + Github Actions OIDC/AWS (#1539 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2022-10-29 20:15:50 +02:00
Yannay Hammer	14f5ddf198	Added namespace condition to ClusterSecretStore (#1635 ) * Added namespace condition to ClusterSecretStore Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added the new conditions field to the docs Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added tests to ClusterSecretStore namespace conditions Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Added some comments to explain tests better Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Fixed a testcase Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Increased golangci timeout to 10m Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Fixed test to use fakeProvider correctly Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Removed hardcoded timeout from make lint Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Improved error message on non matching namespace Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Modified testCase to use GenericStore interface Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Attempt at generalizing the testcase and reducing code duplication Signed-off-by: Yannay Hammer <yannayha@gmail.com> * Reduced some diff Signed-off-by: Yannay Hammer <yannayha@gmail.com> * fix: tidy e2e mod Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Yannay Hammer <yannayha@gmail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Docs <docs@external-secrets.io> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-10-17 16:40:18 +02:00
Dominik Zeiger	fa38fe1e60	enable configuration of environment_scope for gitlab provider (#1565 ) * enable configuration of environment_scope for gitlab provider Signed-off-by: Dominik Zeiger <dominik@zeiger.biz>	2022-09-27 22:08:38 +02:00
Ryan Blunden	f01e13f21b	Add Doppler provider (#1573 ) * Add Doppler provider Signed-off-by: Ryan Blunden <ryan.blunden@doppler.com>	2022-09-23 22:47:25 +02:00
renanaAkeyless	ed59520674	added akeyless k8s auth option (#1531 ) * added akeyless k8s auth option Signed-off-by: Docs <renana@akeyless.io>	2022-09-11 13:25:29 +02:00
Moritz Johner	ed0ceb8d84	fix: aws parameter store json decode, bump go 1.19 (#1525 ) * fix: parameter store should decode complex json values Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-09-06 19:46:36 +02:00
dependabot[bot]	67fedc840e	✨ Kubernetes v1.24 upgrade (#1345 ) * build(deps): bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.3 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.11.2 to 0.12.3. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.12.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * feat: bump kubernetes 1.24 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: backwards-compatible vault implementation Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: add audiences field to serviceAccountRef This will be used by aws, azure, gcp, kubernetes & vault providers in combination with TokenRequest API: it will _append_ audience claims to provider-specific audiences. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: refactor kubernetes client to match provider/client interfaces the kubernetes provider mixed up provider and client interfaces which made it really hard to reason about. This commit separates into two structs, each implements one interface. The client struct fields have been renamed and annotated so their use and scope is clear. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: deprecate expirationSeconds expirationSeconds is not needed because we generate a service account token on the fly for a single use. There will be no replacement for this. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: rename token fetch audiences field Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: generate CRDs Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-19 17:32:06 +02:00
Moritz Johner	2d20b5488e	feat: add azkv.environmentType (#1469 ) users of USGovCloud, ChinaCloud, GermanCloud need slightly different configuration for AADEndpoint and keyvault resource. This is based on CSI Secret Store Azure KV driver, Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-18 00:12:44 +02:00
Nandor Magyar	a0055100d9	clean: typo (clister) in azurekv_types (#1442 ) Signed-off-by: Nandor Magyar <nandormagyar.it@gmail.com> Signed-off-by: Nandor Magyar <nandormagyar.it@gmail.com>	2022-08-10 20:02:31 +02:00
Helena Steck	2b5710d8d5	add missing default values for spec.target (#1431 ) Add missing default values for ExternalSecretTarget on CRD definition Fixes #1233 Signed-off-by: Helena Steck <steckhelena@gmail.com>	2022-08-08 21:27:13 +02:00
Gustavo Fernandes de Carvalho	b4e7acfaa9	✨Implements dataFrom key rewrite (#1381 ) * Implements dataFrom key rewrite Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> * docs: add example to remove invalid characters Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>	2022-08-04 15:24:02 -03:00
Moritz Johner	4affcb7345	🐛Clarify CAProvider usage in struct annotations (#1397 ) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-07-27 18:44:23 -03:00
Mike	fdf1f9ce6f	feat: Add support for container auth to IBM provider. (#1177 )	2022-07-26 22:48:07 +02:00
Gareth Evans	7eff8db532	feat: additional columns for kubectl output (#1359 )	2022-07-19 20:48:37 +02:00
Gustavo Fernandes de Carvalho	fa91ba0f6c	✨ Adds DecodingStrategy to ExternalSecrets (#1294 ) Fixes #920 Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-07-12 09:18:00 -03:00
Moritz Johner	cff9be1664	feat(kubernetes): allow service account auth (#1201 ) * feat(kubernetes): allow service account auth Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-06-13 21:49:05 +02:00
Chris McCoy	c8fc27316a	Check 1beta1RemoteRef.Extract for nil	2022-06-01 12:11:58 -04:00
Moritz Johner	8c14f8aff0	fix: loosen validation to enable referent auth. also adding tests for vault. this is the only provider that supports that as of now. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-05-23 20:10:16 +02:00
paul-the-alien[bot]	1a6579b876	Merge pull request #1062 from dreadful-dragon/feature/azkv-tags-sync azkv tag feature	2022-05-20 15:51:50 +00:00
paul-the-alien[bot]	3de2cc8bee	Merge pull request #1040 from AndreyZamyslov/yandex-certificate-manager Support for Yandex Certificate Manager	2022-05-17 16:48:58 +00:00
Cristina DE DIOS GONZÁLEZ	3256bc4b82	azkv tag feature	2022-05-16 16:49:34 +02:00
david amick	435aefc7ac	Add 1Password support	2022-05-08 17:01:26 -07:00
Docs	c73206b29c	Add senhasegura DSM provider	2022-05-02 13:28:18 -03:00
Gonzalo Servat	db7fd4a037	Fix casing on Gitlab	2022-04-28 21:43:42 +10:00
Docs	dc7df48cae	add support for Yandex Certificate Manager	2022-04-22 21:40:52 +03:00
Gustavo Carvalho	3bd0d2d04f	Making spec.target optional fixes #996 Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-04-20 13:27:13 -03:00
Merlin	4820cc9165	Ignore ExternalSecret processing if the store is not usuable (e.g. NotReady).	2022-04-13 23:24:39 +02:00
Moritz Johner	c2bcceb057	feat: implement deletionPolicy (#900 ) * feat: implement deletionPolicy Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Gustavo Fernandes de Carvalho <gustavo.carvalho@container-solutions.com>	2022-04-05 13:38:06 +02:00
Alfred Krohmer	d7022b1bef	feat(vault): add option for JWT backend to authenticate with Kubernetes service account token (#768 )	2022-04-04 21:20:58 +02:00
Gustavo Carvalho	c779ef59e7	Marking v1alpha1 as deprecated. Improving docs and menu order. Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-03-29 11:21:32 -03:00
Moritz Johner	cf7e3832ae	feat(azure): implement workload identity (#738 ) * feat(azure): implement workload identity Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Henning Eggers <henning.eggers@inovex.de>	2022-03-22 21:59:01 +01:00
Daniel Hix	324c7def06	feat: implement ClusterExternalSecret (#542 ) Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com>	2022-03-20 09:32:27 +01:00
Gustavo Carvalho	164e8776ec	Adding docs and implementing ConversionStrategy Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-03-09 06:59:54 -03:00
Gustavo Carvalho	2f23fd28ed	Adding GetAllSecrets for Hashicorp Vault Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-03-09 05:40:09 -03:00
paul-the-alien[bot]	439ecfaf9d	Merge pull request #783 from AtzeDeVries/allow-gcp-cross-project-secrets GCP: allow cluster to be in different project	2022-03-09 10:03:20 +00:00
Atze de Vries	2f53ab8220	also make optional for v1beta1 and add note to docs	2022-03-03 19:35:38 +01:00
Atze de Vries	739043283c	make clusterProjectID omitemtpy	2022-03-02 18:03:45 +01:00
Atze de Vries	da47ad2cac	GCP: allow cluster to be in different project	2022-03-02 11:24:04 +01:00
Moritz Johner	8fc4484cc6	feat: implement validating webhook Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>	2022-03-01 21:25:15 +01:00
Moritz Johner	fb8f496204	Merge branch 'main' into feature/conversion-webhook	2022-02-23 08:15:03 +01:00
rodrmartinez	39038b03c8	enforce that exactly one auth property is used	2022-02-22 15:45:45 -03:00
rodrmartinez	0392777965	Merge branch 'main' into feature/kubernetes-provider	2022-02-22 14:57:50 -03:00
rodrmartinez	7c4a17a9c3	Merge branch 'main' into feature/kubernetes-provider	2022-02-17 15:38:45 -03:00
rodrmartinez	86d7710727	changing kubernetes api struct	2022-02-17 14:45:43 -03:00
Gustavo Carvalho	c0ed7de5f7	Adding status information to kubectl get css Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>	2022-02-17 13:13:59 -03:00
Gustavo Carvalho	40ec693479	Merge branch 'main' into feature/conversion-webhook Fixed conflicts and implemented necessary changes for v1beta1	2022-02-16 16:00:32 -03:00

1 2 3

149 commits