* chore: update dependencies
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* chore: get rid of argo dependency to be independent of their k8s
versioning
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: export grafana dashboard properly
The dashboard JSON must be exported via the share UI, instead of the
JSON Model from settings.
This allows a user to select the correct datasource when importing it
via UI.
see here: https://grafana.com/docs/grafana/latest/dashboards/manage-dashboards/#exporting-a-dashboard
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* chore: bump deps
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* wip: basic structure of scaleway provider
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: add some tests for GetAllSecrets
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: implement PushSecret
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: improved test fixtures
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: allow finding secrets by project using the path property
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: add delete secret method
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* Delete dupplicate of push remote ref test implem
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: add capability to use a secret for configuring access token
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: implement GetSecretMap
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: filtering by name and projetc id
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: add test for finding secret by name regexp
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: config validation
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: handle situation where no namespace is specified and we cannot provide a default
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: reference secrets by id or name
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: invalid request caused by pagination handling
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: log the error when failing to access secret version
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: pass context to sdk where missing
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: add a cache for reducing AccessSecretVersion() calls
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* refacto: use GetSecret with name instead of ListSecrets
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: allow using secret name in ExternalSecrets
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: use latest_enabled instead of latest
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* refacto: optimized PushSecret and improved its test coverage
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: doesConfigDependOnNamespace was always true
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: use new api with refactored name-based endpoints
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* remove useless todo
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* fix: use secret names as key for GetAllSecrets
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: support gjson propery lookup
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: e2e tests
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: e2e test using secret to store api key
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: cleanup left over resources on the secret manager before each e2e run
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* doc: add doc for scaleway provider
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* refacto: fix lint issues
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* test: cleanup code in e2e was commented
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: the previous version is disabled when we push to a secret
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* doc: add comments to ScalewayProvider struct to point to console and doc
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
* feat: add missing e2e env vars for scaleway
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* docs: add scaleway to support/stability table
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Julien Loctaux <no.mail@jloc.fr>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
* chore: bump dependencies
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: disable flow logs in EKS testbed
This causes issues in the way we set up the trust relationship between
GHA and AWS; We see a HTTP 400 when tf tries to assume this role.
Because
we don't need this we can disable it.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
---------
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* chore: bump dependencies
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: bump libksba package
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: cleanup go sum
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* Parameterize the readiness probe port and add a default address since `healthz-address` is an address not a port
Signed-off-by: insomniacoder <tanatloke@gmail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: test UBI image build
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-Authored-By: Idan Adar <iadar@il.ibm.com>
Co-Authored-By: mrgadgil
* build(deps): bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.3
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.11.2 to 0.12.3.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.11.2...v0.12.3)
---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* feat: bump kubernetes 1.24
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: backwards-compatible vault implementation
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: add audiences field to serviceAccountRef
This will be used by aws, azure, gcp, kubernetes & vault providers
in combination with TokenRequest API: it will _append_ audience claims
to provider-specific audiences.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* feat: refactor kubernetes client to match provider/client interfaces
the kubernetes provider mixed up provider and client interfaces which
made it really hard to reason about. This commit separates into two
structs, each implements one interface.
The client struct fields have been renamed and annotated so their use
and scope is clear.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: deprecate expirationSeconds
expirationSeconds is not needed because we generate a
service account token on the fly for a single use.
There will be no replacement for this.
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: rename token fetch audiences field
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
* fix: generate CRDs
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
