1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Commit graph

544 commits

Author SHA1 Message Date
Moritz Johner
af367e9933
chore: refactor provider (#1529)
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-09-12 14:55:46 +02:00
renanaAkeyless
ed59520674
added akeyless k8s auth option (#1531)
* added akeyless k8s auth option

Signed-off-by: Docs <renana@akeyless.io>
2022-09-11 13:25:29 +02:00
Moritz Johner
ed0ceb8d84
fix: aws parameter store json decode, bump go 1.19 (#1525)
* fix: parameter store should decode complex json values

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-09-06 19:46:36 +02:00
Marcel Hoyer
17ece4df8f
flip order of err and nil secret variable check in listSecrets() function of vault provider (#1504)
Signed-off-by: Marcel Hoyer <mhoyer@pixelplastic.de>
2022-08-31 14:35:42 +02:00
dependabot[bot]
67fedc840e
Kubernetes v1.24 upgrade (#1345)
* build(deps): bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.3

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.11.2 to 0.12.3.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.12.3)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* feat: bump kubernetes 1.24

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: backwards-compatible vault implementation

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: add audiences field to serviceAccountRef

This will be used by aws, azure, gcp, kubernetes & vault providers
in combination with TokenRequest API: it will _append_ audience claims
to provider-specific audiences.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* feat: refactor kubernetes client to match provider/client interfaces

the kubernetes provider mixed up provider and client interfaces which
made it really hard to reason about. This commit separates into two
structs, each implements one interface.
The client struct fields have been renamed and annotated so their use
and scope is clear.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: deprecate expirationSeconds

expirationSeconds is not needed because we generate a
service account token on the fly for a single use.
There will be no replacement for this.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: rename token fetch audiences field

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: generate CRDs

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2022-08-19 17:32:06 +02:00
Moritz Johner
2d20b5488e
feat: add azkv.environmentType (#1469)
users of USGovCloud, ChinaCloud, GermanCloud need slightly different
configuration for AADEndpoint and keyvault resource.

This is based on CSI Secret Store Azure KV driver,

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-08-18 00:12:44 +02:00
Moritz Johner
8e245f6073
fix: remove convertKeys from aws providers (#1470)
ConvertKeys is called in the external secrets controller
which takes care of mapping the keys.
Calling it before returning the data is a bug as it
interferes with the new rewrite feature.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-08-17 15:36:02 +02:00
stephen-dexda
e64acea549
fix: AWS attr. dot check off-by-one error (#1459)
* Fix off-by-one in check for dot in JSON attr. name

Signed-off-by: stephen-dexda <stephen@dexda.io>
2022-08-15 21:44:32 +02:00
dependabot[bot]
bf21843eba
⬆️github.com/akeylesslabs/akeyless-go/v2 from 2.16.8 to 2.17.0 (#1438)
* Bump github.com/akeylesslabs/akeyless-go/v2 from 2.16.8 to 2.17.0

Bumps [github.com/akeylesslabs/akeyless-go/v2](https://github.com/akeylesslabs/akeyless-go) from 2.16.8 to 2.17.0.
- [Release notes](https://github.com/akeylesslabs/akeyless-go/releases)
- [Changelog](https://github.com/akeylesslabs/akeyless-go/blob/master/docs/KmipRenewServerCertificate.md)
- [Commits](https://github.com/akeylesslabs/akeyless-go/compare/v2.16.8...v2.17.0)

---
updated-dependencies:
- dependency-name: github.com/akeylesslabs/akeyless-go/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fixing linting issues

Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gustavo Carvalho <gusfcarvalho@gmail.com>
2022-08-11 14:32:04 -03:00
Kewei Ma
53443eaadf
Fix provisionedNamespaces in Status field of ClusterExternalSecret keeps getting updated non-stop (#1441)
Signed-off-by: Kewei Ma <kewei@indeed.com>
2022-08-09 17:55:34 +02:00
Gustavo Fernandes de Carvalho
b4e7acfaa9
Implements dataFrom key rewrite (#1381)
* Implements dataFrom key rewrite

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com>

* docs: add example to remove invalid characters

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2022-08-04 15:24:02 -03:00
Moritz Johner
6593e06561
fix: handle empty conversionStrategy (#1408)
This is for the case when the conversion webhook does not
set the conversionStrategy properly (it doesn't run the Defaulter).

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-08-01 19:44:09 +02:00
Mike
fdf1f9ce6f
feat: Add support for container auth to IBM provider. (#1177) 2022-07-26 22:48:07 +02:00
david amick
524e33bbeb
🧹Improve 1Password integration and docs (#1340) 2022-07-26 09:07:48 -03:00
Stanislaw Scherban
eb8e614755
retryer implementation to handle throttling exceptions on AWS (#1331)
* awsretryer implemented for AWS providers
2022-07-19 20:00:46 +02:00
Gustavo Fernandes de Carvalho
fa91ba0f6c
Adds DecodingStrategy to ExternalSecrets (#1294)
Fixes #920

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-07-12 09:18:00 -03:00
paul-the-alien[bot]
c42c48911e
Merge pull request #1283 from external-secrets/mj-fix-aws-token-aud
fix: respect aud annotation at IRSA
2022-06-22 14:17:48 +00:00
paul-the-alien[bot]
240b8db4f0
Merge pull request #1244 from albertollamaso/reuse-aws-session
Once the AWS session is created first time, it can be reused
2022-06-22 13:20:37 +00:00
Alberto Llamas
e31a408e1d update 2022-06-22 07:24:26 +02:00
Moritz Johner
8f85e53f17 fix: respect aud annotation at IRSA 2022-06-21 23:33:24 +02:00
Alberto Llamas
629d2f391c fix 2022-06-21 12:14:36 +02:00
Alberto Llamas
5ec222dfd0 update 2022-06-21 11:52:01 +02:00
Alberto Llamas
c3335907ac Fix recommendations from go-lint 2022-06-18 13:05:47 +02:00
Alberto Llamas
ad63b74c9f Reuse AWS session as feature gate that a user has to opt-in in order to use it 2022-06-18 10:54:47 +02:00
paul-the-alien[bot]
94024a144b
Merge pull request #1257 from external-secrets/bug-1137
Azure KeyVault decoding bugs
2022-06-15 21:20:44 +00:00
Moritz Johner
cff9be1664
feat(kubernetes): allow service account auth (#1201)
* feat(kubernetes): allow service account auth

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-06-13 21:49:05 +02:00
Alberto Llamas
909d137a83 Removing newlines 2022-06-13 20:36:58 +02:00
Alberto Llamas
cb6f66b5ac Fix aws session logic 2022-06-13 20:24:25 +02:00
Sebastián Gómez
9bc7eb1436 Remove codesmell 2022-06-13 11:56:38 -04:00
Sebastián Gómez
4ae98fc995 Removed code smell and simplified use of tags 2022-06-13 11:40:01 -04:00
Sebastián Gómez
65e93fa992 Code refactoring 2022-06-13 09:28:11 -04:00
Sebastián Gómez
aed1719697 Lint fixes 2022-06-13 09:27:54 -04:00
paul-the-alien[bot]
e4fbc633a1
Merge pull request #1254 from marcincuber/feat/yaml
Adding toYaml fromYaml helper functions
2022-06-11 12:19:50 +00:00
marcincuber
c8f13a0e1a fix test 2022-06-11 12:15:13 +01:00
marcincuber
a1e7862698 add tests 2022-06-11 11:15:06 +01:00
Sebastián Gómez
7714c29c87 Merge branch 'main' into bug-1137 2022-06-10 17:09:03 -04:00
Sebastián Gómez
b4dcffbf86 Fix cases with properties and json 2022-06-10 17:07:42 -04:00
Rhaenys
f005cc0346
azkv more unittest coverage (#1149) 2022-06-10 22:09:59 +02:00
marcincuber
5fe3b2d810 lint 2022-06-10 11:09:46 +01:00
marcincuber
efc8ede754 add yaml helper functions 2022-06-10 11:04:59 +01:00
Alberto Llamas
d64941ece9 Once the AWS session is created first time, it can be reused 2022-06-07 10:25:30 +02:00
paul-the-alien[bot]
94aa568929
Merge pull request #1173 from external-secrets/dependabot/go_modules/github.com/1Password/connect-sdk-go-1.4.0
build(deps): bump github.com/1Password/connect-sdk-go from 1.2.0 to 1.4.0
2022-06-07 08:19:24 +00:00
Docs
cc1043d3a6
Update fakes to implement client for 1Password/connect-sdk-go v1.4.0 2022-06-01 16:38:41 -07:00
Gustavo Carvalho
e6f050e873 make sure we check if it is referent during NewClient
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-06-01 13:15:36 -03:00
Gustavo Carvalho
a01a23bfc1 fixing panic if using JWT with KubernetesServiceAccountToken
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
2022-05-31 11:40:00 -03:00
Sebastián Gómez
c5909fb966 Fix the first case, nested json. Test was also added 2022-05-30 11:05:20 -04:00
Moritz Johner
8c14f8aff0 fix: loosen validation to enable referent auth.
also adding tests for vault. this is the only provider that supports
that as of now.

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-05-23 20:10:16 +02:00
Moritz Johner
d4e9a56c21
fix: correctly convert matchExpressions to labelSelector (#1165)
Fixes #1155

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
2022-05-23 10:48:54 +02:00
Nitzan Nissim
97126d9798
Add support for IBM Secrets Manager's Private Certificate (#1160)
* Use gsed on macos.

Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com>

* Add private_cert support

* Add private_cert support

Co-authored-by: Marcin Kubica <marcin.kubica@engineerbetter.com>
2022-05-21 22:53:31 +02:00
paul-the-alien[bot]
1a6579b876
Merge pull request #1062 from dreadful-dragon/feature/azkv-tags-sync
azkv tag feature
2022-05-20 15:51:50 +00:00